fix preact not supporting important in styles

declare cva config outside
fix: back button not readable in dark backgrounds - fixes #7922
2026-05-21 11:49:32 -05:00 · 2026-05-21 17:29:16 +02:00 · 2026-05-21 17:09:13 +02:00 · 2026-05-21 16:28:31 +02:00 · 2026-05-21 16:27:51 +02:00 · 2026-05-21 11:41:23 +00:00
152 changed files with 2104 additions and 637 deletions
@@ -53,7 +53,7 @@ function {QuestionType}({
 }: {QuestionType}Props): React.JSX.Element {
    // Ensure value is always the correct type (handle undefined/null)
    const currentValue = value ?? {defaultValue};
-    
+
    // Detect text direction from content
    const detectedDir = useTextDirection({
        dir,
@@ -63,11 +63,11 @@ function {QuestionType}({
    return (
        <div className="w-full space-y-4" id={elementId} dir={detectedDir}>
            {/* Headline */}
-            <ElementHeader 
-                headline={headline} 
-                description={description} 
-                required={required} 
-                htmlFor={inputId} 
+            <ElementHeader
+                headline={headline}
+                description={description}
+                required={required}
+                htmlFor={inputId}
            />

            {/* Question-specific controls */}
@@ -31,14 +31,14 @@ jobs:
          REPO: ${{ github.repository }}
        run: |
          set -euo pipefail
-          
+
          # Get the latest release tag from GitHub API with error handling
          echo "Fetching latest release from GitHub API..."
-          
+
          # Use curl with error handling - API returns 404 if no releases exist
          http_code=$(curl -s -w "%{http_code}" -H "Authorization: token ${GITHUB_TOKEN}" \
            "https://api.github.com/repos/${REPO}/releases/latest" -o /tmp/latest_release.json)
-          
+
          if [[ "$http_code" == "404" ]]; then
            echo "⚠️  No previous releases found (404). This appears to be the first release."
            echo "latest_release=" >> $GITHUB_OUTPUT
@@ -55,7 +55,7 @@ jobs:
            echo "❌ GitHub API error (HTTP ${http_code}). Treating as first release."
            echo "latest_release=" >> $GITHUB_OUTPUT
          fi
-          
+
          echo "Current release tag: ${{ github.event.release.tag_name }}"

      - name: Compare release tags
@@ -65,7 +65,7 @@ jobs:
          LATEST_TAG: ${{ steps.get_latest_release.outputs.latest_release }}
        run: |
          set -euo pipefail
-          
+
          # Handle first release case (no previous releases)
          if [[ -z "${LATEST_TAG}" ]]; then
            echo "🎉 This is the first release (${CURRENT_TAG}) - treating as latest"
@@ -156,6 +156,87 @@ jobs:
      is_prerelease: ${{ github.event.release.prerelease }}
      make_latest: ${{ needs.check-latest-release.outputs.is_latest == 'true' }}

+  update-helm-app-version:
+    name: Create Helm app version update
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs:
+      - docker-build-community
+      - helm-chart-release
+    if: ${{ !github.event.release.prerelease }}
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout main
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: main
+
+      - name: Install YQ
+        uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1
+
+      - name: Prepare Helm app version update
+        id: update
+        env:
+          VERSION: ${{ needs.docker-build-community.outputs.VERSION }}
+        run: |
+          set -euo pipefail
+
+          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Skipping Helm app version source update for non-stable version: ${VERSION}"
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          yq -i ".appVersion = \"${VERSION}\"" charts/formbricks/Chart.yaml
+          perl -0pi -e "s/!\[AppVersion: [^\]]+\]/![AppVersion: ${VERSION}]/" charts/formbricks/README.md
+          perl -0pi -e "s/AppVersion-[0-9A-Za-z._+-]+-informational/AppVersion-${VERSION}-informational/" charts/formbricks/README.md
+
+          if git diff --quiet -- charts/formbricks/Chart.yaml charts/formbricks/README.md; then
+            echo "Helm chart appVersion already matches ${VERSION}"
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          echo "changed=true" >> "$GITHUB_OUTPUT"
+
+      - name: Create Helm app version PR
+        if: steps.update.outputs.changed == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ needs.docker-build-community.outputs.VERSION }}
+        run: |
+          set -euo pipefail
+
+          branch="chore/update-helm-app-version-${VERSION}"
+          title="chore: update Helm app version to ${VERSION}"
+          body_file="$(mktemp)"
+
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git checkout -B "$branch"
+          git add charts/formbricks/Chart.yaml charts/formbricks/README.md
+          git commit -m "$title"
+          git push --force-with-lease origin "$branch"
+
+          cat > "$body_file" <<EOF
+          Updates the Helm chart default app version after publishing stable Formbricks release ${VERSION}.
+
+          Release candidates and pre-releases do not create this source update.
+          EOF
+
+          if gh pr view "$branch" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
+            gh pr edit "$branch" --repo "$GITHUB_REPOSITORY" --title "$title" --body-file "$body_file" --base main
+          else
+            gh pr create --repo "$GITHUB_REPOSITORY" --base main --head "$branch" --title "$title" --body-file "$body_file"
+          fi
+
  linear-release-complete:
    name: Mark Linear release as complete
    runs-on: ubuntu-latest
@@ -165,6 +246,7 @@ jobs:
      - docker-build-cloud
      - helm-chart-release
      - move-stable-tag
+      - update-helm-app-version
    if: ${{ !github.event.release.prerelease }}
    steps:
      - name: Harden the runner
@@ -70,6 +70,25 @@ jobs:

          echo "✅ Successfully updated Chart.yaml"

+      - name: Validate default Formbricks image tag
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          set -euo pipefail
+
+          rendered="$(helm template qa charts/formbricks \
+            --set formbricks.webappUrl=https://qa.example.com \
+            --show-only templates/deployment.yaml \
+            --show-only templates/migration-job.yaml)"
+
+          expected_image="ghcr.io/formbricks/formbricks:${VERSION}"
+          image_count="$(grep -c "image: ${expected_image}$" <<< "$rendered" || true)"
+          if [[ "$image_count" -ne 2 ]]; then
+            echo "Expected web Deployment and migration Job to render ${expected_image}; found ${image_count} matches"
+            grep "image: ghcr.io/formbricks/formbricks:" <<< "$rendered" || true
+            exit 1
+          fi
+
      - name: Package Helm chart
        env:
          VERSION: ${{ env.VERSION }}
@@ -5,6 +5,7 @@
  "type": "module",
  "scripts": {
    "lint": "eslint . --config .eslintrc.cjs --ext .ts,.tsx --report-unused-disable-directives --max-warnings 0",
+    "typecheck": "tsc --noEmit",
    "preview": "vite preview",
    "storybook": "storybook dev -p 6006",
    "build-storybook": "storybook build",
@@ -1,6 +1,6 @@
 import React from "react";
 import ReactDOM from "react-dom/client";
-import App from "./App.tsx";
+import { App } from "./App.tsx";
 import "./index.css";

 ReactDOM.createRoot(document.getElementById("root")!).render(
@@ -194,7 +194,7 @@ export const MainNavigation = ({
  const settingsNavigationItem = useMemo(
    () => ({
      name: t("common.settings"),
-      href: `/workspaces/${workspace.id}/settings`,
+      href: `/workspaces/${workspace.id}/settings/workspace/general`,
      icon: SettingsIcon,
      isActive: isSettingsMode,
      disabled: isMembershipPending || isBilling,
@@ -467,7 +467,7 @@ export const MainNavigation = ({
          {isSettingsMode ? (
            <div className="flex flex-col overflow-hidden">
              <div className="mb-2 px-3">
-                <GoBackButton />
+                <GoBackButton url={`/workspaces/${workspace.id}/surveys`} />
              </div>

              {/* Settings sidebar content */}
@@ -335,6 +335,7 @@ export const SettingsSidebarContent = ({
      href: `${basePath}/organization/feedback-directories`,
      icon: <FoldersIcon className={iconClassName} />,
      hidden: isMember,
+      disabled: !isOwnerOrManager,
    },
    {
      id: "org-api-keys",
@@ -373,12 +374,14 @@ export const SettingsSidebarContent = ({
      label: t("common.your_profile"),
      href: `${basePath}/account/profile`,
      icon: <UserCircleIcon className={iconClassName} />,
+      disabled: isBilling,
    },
    {
      id: "notifications",
      label: t("common.notifications"),
      href: `${basePath}/account/notifications`,
      icon: <BellIcon className={iconClassName} />,
+      disabled: isBilling,
    },
  ];

@@ -1,4 +1,11 @@
-const AccountSettingsLayout = (props: { children: React.ReactNode }) => {
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
+
+const AccountSettingsLayout = async (props: Readonly<{
+  params: Promise<{ workspaceId: string }>;
+  children: React.ReactNode;
+}>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  return <>{props.children}</>;
 };

@@ -0,0 +1,54 @@
+import { redirect } from "next/navigation";
+import { describe, expect, test, vi } from "vitest";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
+import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";
+import { redirectBillingRoleFromRestrictedSettings } from "./redirect-billing-role";
+
+const mocks = vi.hoisted(() => ({
+  getBillingFallbackPath: vi.fn(),
+  getWorkspaceAuth: vi.fn(),
+  isFormbricksCloud: false,
+}));
+
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: mocks.isFormbricksCloud,
+}));
+
+vi.mock("@/lib/membership/navigation", () => ({
+  getBillingFallbackPath: mocks.getBillingFallbackPath,
+}));
+
+vi.mock("@/modules/workspaces/lib/utils", () => ({
+  getWorkspaceAuth: mocks.getWorkspaceAuth,
+}));
+
+const workspaceId = "workspace-1";
+const billingFallbackPath = `/workspaces/${workspaceId}/settings/organization/billing`;
+
+const getWorkspaceAuthResponse = (isBilling: boolean) =>
+  ({
+    isBilling,
+  }) as Awaited<ReturnType<typeof getWorkspaceAuth>>;
+
+describe("redirectBillingRoleFromRestrictedSettings", () => {
+  test("does not redirect non-billing workspace members", async () => {
+    vi.mocked(getWorkspaceAuth).mockResolvedValue(getWorkspaceAuthResponse(false));
+
+    await expect(redirectBillingRoleFromRestrictedSettings(workspaceId)).resolves.toBeUndefined();
+
+    expect(getWorkspaceAuth).toHaveBeenCalledWith(workspaceId);
+    expect(getBillingFallbackPath).not.toHaveBeenCalled();
+    expect(redirect).not.toHaveBeenCalled();
+  });
+
+  test("redirects billing users to the billing fallback path", async () => {
+    vi.mocked(getWorkspaceAuth).mockResolvedValue(getWorkspaceAuthResponse(true));
+    vi.mocked(getBillingFallbackPath).mockReturnValue(billingFallbackPath);
+
+    await redirectBillingRoleFromRestrictedSettings(workspaceId);
+
+    expect(getWorkspaceAuth).toHaveBeenCalledWith(workspaceId);
+    expect(getBillingFallbackPath).toHaveBeenCalledWith(workspaceId, mocks.isFormbricksCloud);
+    expect(redirect).toHaveBeenCalledWith(billingFallbackPath);
+  });
+});
@@ -0,0 +1,12 @@
+import { redirect } from "next/navigation";
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
+import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";
+
+export const redirectBillingRoleFromRestrictedSettings = async (workspaceId: string): Promise<void> => {
+  const { isBilling } = await getWorkspaceAuth(workspaceId);
+
+  if (isBilling) {
+    redirect(getBillingFallbackPath(workspaceId, IS_FORMBRICKS_CLOUD));
+  }
+};
@@ -1,3 +1,11 @@
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { APIKeysPage } from "@/modules/organization/settings/api-keys/page";

-export default APIKeysPage;
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
+
+  return APIKeysPage(props);
+};
+
+export default Page;
@@ -1,3 +1,18 @@
+import { redirect } from "next/navigation";
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { PricingPage } from "@/modules/ee/billing/page";
+import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";

-export default PricingPage;
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  const { isBilling } = await getWorkspaceAuth(params.workspaceId);
+
+  if (isBilling && !IS_FORMBRICKS_CLOUD) {
+    redirect(getBillingFallbackPath(params.workspaceId, IS_FORMBRICKS_CLOUD));
+  }
+
+  return PricingPage(props);
+};
+
+export default Page;
@@ -1,6 +1,7 @@
 import { notFound } from "next/navigation";
 import { AuthenticationError } from "@formbricks/types/errors";
 import { SettingsCard } from "@/app/(app)/workspaces/[workspaceId]/settings/components/SettingsCard";
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { PrettyUrlsTable } from "@/app/(app)/workspaces/[workspaceId]/settings/organization/domain/components/pretty-urls-table";
 import { IS_FORMBRICKS_CLOUD, IS_STORAGE_CONFIGURED } from "@/lib/constants";
 import { getTranslate } from "@/lingodotdev/server";
@@ -12,8 +13,9 @@ import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  const t = await getTranslate();

  if (IS_FORMBRICKS_CLOUD) {
@@ -1,9 +1,10 @@
 import { CheckIcon } from "lucide-react";
 import Link from "next/link";
-import { notFound } from "next/navigation";
+import { notFound, redirect } from "next/navigation";
 import { EnterpriseLicenseFeaturesTable } from "@/app/(app)/workspaces/[workspaceId]/settings/organization/enterprise/components/EnterpriseLicenseFeaturesTable";
 import { EnterpriseLicenseStatus } from "@/app/(app)/workspaces/[workspaceId]/settings/organization/enterprise/components/EnterpriseLicenseStatus";
 import { ENTERPRISE_LICENSE_REQUEST_FORM_URL, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { getTranslate } from "@/lingodotdev/server";
 import { GRACE_PERIOD_MS, getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
 import { Button } from "@/modules/ui/components/button";
@@ -11,15 +12,19 @@ import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
  const t = await getTranslate();
+  const { isBilling, isMember } = await getWorkspaceAuth(params.workspaceId);
+
+  if (isBilling && IS_FORMBRICKS_CLOUD) {
+    redirect(getBillingFallbackPath(params.workspaceId, IS_FORMBRICKS_CLOUD));
+  }
+
  if (IS_FORMBRICKS_CLOUD) {
    return notFound();
  }

-  const { isMember } = await getWorkspaceAuth(params.workspaceId);
-
  const isPricingDisabled = isMember;

  if (isPricingDisabled) {
@@ -1 +1,11 @@
-export { FeedbackDirectoriesPage as default } from "@/modules/ee/feedback-directory/page";
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
+import { FeedbackDirectoriesPage } from "@/modules/ee/feedback-directory/page";
+
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
+
+  return FeedbackDirectoriesPage(props);
+};
+
+export default Page;
@@ -1,3 +1,4 @@
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { isInstanceAIConfigured } from "@/lib/ai/service";
 import {
  ENTERPRISE_LICENSE_REQUEST_FORM_URL,
@@ -26,8 +27,9 @@ import { DeleteOrganization } from "./components/DeleteOrganization";
 import { EditOrganizationNameForm } from "./components/EditOrganizationNameForm";
 import { SecurityListTip } from "./components/SecurityListTip";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  const t = await getTranslate();

  const { session, currentUserMembership, organization, isOwner, isManager } = await getWorkspaceAuth(
@@ -1,3 +1,11 @@
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { TeamsPage } from "@/modules/organization/settings/teams/page";

-export default TeamsPage;
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
+
+  return TeamsPage(props);
+};
+
+export default Page;
@@ -1,7 +1,9 @@
 import { redirect } from "next/navigation";
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  return redirect(`/workspaces/${params.workspaceId}/settings/workspace/general`);
 };

@@ -2,7 +2,7 @@

 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { OperationNotAllowedError, ResourceNotFoundError, UnknownError } from "@formbricks/types/errors";
+import { InvalidInputError, OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { getEmailTemplateHtml } from "@/app/(app)/workspaces/[workspaceId]/surveys/[surveyId]/(analysis)/summary/lib/emailTemplate";
 import { capturePostHogEvent } from "@/lib/posthog";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
@@ -176,7 +176,7 @@ export const generatePersonalLinksAction = authenticatedActionClient
    );

    if (!contactsResult || contactsResult.length === 0) {
-      throw new UnknownError("No contacts found for the selected segment");
+      throw new InvalidInputError("No contacts found for the selected segment");
    }

    capturePostHogEvent(
@@ -11,6 +11,7 @@ import {
  ContactIcon,
  EyeOff,
  FlagIcon,
+  GaugeIcon,
  GlobeIcon,
  GridIcon,
  HashIcon,
@@ -25,6 +26,7 @@ import {
  NetworkIcon,
  PieChartIcon,
  Rows3Icon,
+  SmilePlusIcon,
  SmartphoneIcon,
  StarIcon,
  User,
@@ -103,6 +105,8 @@ const elementIcons = {
  [TSurveyElementTypeEnum.PictureSelection]: ImageIcon,
  [TSurveyElementTypeEnum.Matrix]: GridIcon,
  [TSurveyElementTypeEnum.Ranking]: ListOrderedIcon,
+  [TSurveyElementTypeEnum.CSAT]: SmilePlusIcon,
+  [TSurveyElementTypeEnum.CES]: GaugeIcon,
  [TSurveyElementTypeEnum.Address]: HomeIcon,
  [TSurveyElementTypeEnum.ContactInfo]: ContactIcon,

@@ -1,10 +1,11 @@
 import { Prisma } from "@prisma/client";
+import type { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import { PrismaErrorType } from "@formbricks/database/types/error";

-export const isPrismaKnownRequestError = (error: unknown): error is Prisma.PrismaClientKnownRequestError =>
+export const isPrismaKnownRequestError = (error: unknown): error is PrismaClientKnownRequestError =>
  error instanceof Prisma.PrismaClientKnownRequestError;

-export const isSingleUseIdUniqueConstraintError = (error: Prisma.PrismaClientKnownRequestError): boolean => {
+export const isSingleUseIdUniqueConstraintError = (error: PrismaClientKnownRequestError): boolean => {
  if (error.code !== PrismaErrorType.UniqueConstraintViolation) {
    return false;
  }
@@ -34,7 +34,7 @@ export const GET = async (req: Request) => {
    return responses.unauthorizedResponse();
  }

-  const basePath = `/workspaces/${workspaceId}`;
+  const basePath = `/workspaces/${workspaceId}/settings/workspace`;

  if (code && typeof code !== "string") {
    return responses.badRequestResponse("`code` must be a string");
@@ -102,7 +102,7 @@ export const GET = async (req: Request) => {
      logger.error({ error: err }, "Failed to capture PostHog integration_connected event for googleSheets");
    }

-    return Response.redirect(`${WEBAPP_URL}/${basePath}/integrations/google-sheets`);
+    return Response.redirect(`${WEBAPP_URL}${basePath}/integrations/google-sheets`);
  }

  return responses.internalServerErrorResponse("Failed to create or update Google Sheets integration");
@@ -103,6 +103,7 @@ describe("getWorkspaceStateData", () => {
        id: workspaceId,
        appSetupCompleted: true,
        workspaceSettings: {
+          id: workspaceId,
          recontactDays: 30,
          clickOutsideClose: true,
          overlay: "none",
@@ -111,7 +112,14 @@ describe("getWorkspaceStateData", () => {
          styling: { allowStyleOverwrite: false },
        },
      },
-      surveys: mockWorkspaceData.surveys,
+      // `survey.name` is replaced with a back-compat placeholder; segment was
+      // null in the mock so the sanitized segment stays null.
+      surveys: [
+        {
+          ...mockWorkspaceData.surveys[0],
+          name: "[deprecated] survey name omitted from public API - will be removed soon",
+        },
+      ],
      actionClasses: mockWorkspaceData.actionClasses,
    });

@@ -211,6 +219,7 @@ describe("getWorkspaceStateData", () => {
    const result = await getWorkspaceStateData(workspaceId);

    expect(result.workspace.workspaceSettings).toEqual({
+      id: workspaceId,
      recontactDays: 14,
      clickOutsideClose: false,
      overlay: "dark",
@@ -42,6 +42,7 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
      where: { id: workspaceId },
      select: {
        id: true,
+        legacyEnvironmentId: true,
        appSetupCompleted: true,
        recontactDays: true,
        clickOutsideClose: true,
@@ -72,7 +73,9 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
          select: {
            id: true,
            welcomeCard: true,
-            // name intentionally omitted — internal label not needed by the SDK
+            // `name` deliberately not selected — internal label not needed by the
+            // SDK and replaced with a fixed placeholder below so older SDKs that
+            // decoded `Survey.name` as a required field keep working.
            questions: true,
            blocks: true,
            variables: true,
@@ -99,9 +102,9 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
            styling: true,
            status: true,
            recaptcha: true,
-            // Fetch only what's needed to compute the minimal segment shape.
-            // Titles, descriptions, and filter conditions are evaluated server-side
-            // and must not be sent to the browser.
+            // Only need to know if any filters exist so we can compute
+            // `hasFilters`. Real filter values, segment title/description, and
+            // surveys-list relation are never exposed to clients.
            segment: {
              select: {
                id: true,
@@ -135,17 +138,46 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
      throw new ResourceNotFoundError("workspace", workspaceId);
    }

-    // Transform surveys using the shared utility, then replace the segment with
-    // the minimal public shape (id + hasFilters). We null out segment before
-    // calling transformPrismaSurvey because that function expects a surveys[]
-    // relation on the segment object (used by the management API), which we
-    // intentionally don't fetch here.
+    // Backwards-compat response shape for SDKs from before PR #7931. Those
+    // clients decoded `survey.name` and the full `segment` object as required
+    // fields, so the response must still carry that shape — but every field
+    // that could leak sensitive targeting data is replaced with a placeholder.
+    // The actual segment-membership check happens server-side (segment IDs in
+    // POST /user); SDKs only inspect `filters.length` / `hasFilters` locally.
+    //
+    // `environmentId` mirrors `legacyEnvironmentId ?? workspace.id`, matching
+    // the `/me` endpoints' pattern so migrated workspaces keep returning the
+    // original env ID older clients persisted.
+    const legacyOrCurrentId = workspaceData.legacyEnvironmentId ?? workspaceData.id;
+    const placeholderDate = new Date(0);
+    const placeholderFilter = {
+      id: "placeholder",
+      connector: null,
+      resource: {
+        id: "placeholder",
+        root: { type: "device", deviceType: "phone" },
+        value: "deprecated",
+        qualifier: { operator: "equals" },
+      },
+    };
+
    const transformedSurveys = workspaceData.surveys.map((survey) => {
-      const minimalSegment = survey.segment
+      const realHasFilters =
+        Array.isArray(survey.segment?.filters) && (survey.segment.filters as unknown[]).length > 0;
+
+      const sanitizedSegment = survey.segment
        ? {
            id: survey.segment.id,
-            hasFilters:
-              Array.isArray(survey.segment.filters) && (survey.segment.filters as unknown[]).length > 0,
+            title: "[deprecated] segment title omitted from public API - will be removed soon",
+            description: null,
+            isPrivate: true,
+            filters: realHasFilters ? [placeholderFilter] : [],
+            environmentId: legacyOrCurrentId,
+            workspaceId: legacyOrCurrentId,
+            createdAt: placeholderDate,
+            updatedAt: placeholderDate,
+            surveys: [],
+            hasFilters: realHasFilters,
          }
        : null;

@@ -155,7 +187,11 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
        segment: null,
      });

-      return { ...transformed, segment: minimalSegment };
+      return {
+        ...transformed,
+        name: "[deprecated] survey name omitted from public API - will be removed soon",
+        segment: sanitizedSegment,
+      };
    });

    return {
@@ -163,6 +199,7 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
        id: workspaceData.id,
        appSetupCompleted: workspaceData.appSetupCompleted,
        workspaceSettings: {
+          id: workspaceData.id,
          recontactDays: workspaceData.recontactDays,
          clickOutsideClose: workspaceData.clickOutsideClose,
          overlay: workspaceData.overlay,
@@ -171,7 +208,11 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
          styling: resolveStorageUrlsInObject(workspaceData.styling),
        },
      },
-      surveys: resolveStorageUrlsInObject(transformedSurveys),
+      // The runtime shape carries extra back-compat fields (placeholder
+      // segment, `hasFilters`, mirrored `environmentId`) that aren't part of
+      // the modern `TJsWorkspaceStateSurvey`. Cast through unknown — this is
+      // intentional and only this endpoint's response widens the type.
+      surveys: resolveStorageUrlsInObject(transformedSurveys) as unknown as TJsWorkspaceStateSurvey[],
      actionClasses: workspaceData.actionClasses,
    };
  } catch (error) {
@@ -9,6 +9,7 @@ const mocks = vi.hoisted(() => ({
  getSurvey: vi.fn(),
  getValidatedResponseUpdateInput: vi.fn(),
  loggerError: vi.fn(),
+  resolveClientApiIds: vi.fn(),
  sendToPipeline: vi.fn(),
  updateResponseWithQuotaEvaluation: vi.fn(),
  validateFileUploads: vi.fn(),
@@ -34,6 +35,10 @@ vi.mock("@/lib/survey/service", () => ({
  getSurvey: mocks.getSurvey,
 }));

+vi.mock("@/lib/utils/resolve-client-id", () => ({
+  resolveClientApiIds: mocks.resolveClientApiIds,
+}));
+
 vi.mock("@/modules/api/lib/validation", () => ({
  formatValidationErrorsForV1Api: mocks.formatValidationErrorsForV1Api,
  validateResponseData: mocks.validateResponseData,
@@ -123,6 +128,7 @@ describe("putResponseHandler", () => {
    });
    mocks.getResponse.mockResolvedValue(getBaseExistingResponse());
    mocks.getSurvey.mockResolvedValue(getBaseSurvey());
+    mocks.resolveClientApiIds.mockResolvedValue({ workspaceId });
    mocks.updateResponseWithQuotaEvaluation.mockResolvedValue(getBaseUpdatedResponse());
    mocks.validateFileUploads.mockReturnValue(true);
    mocks.validateOtherOptionLengthForMultipleChoice.mockReturnValue(null);
@@ -239,6 +245,34 @@ describe("putResponseHandler", () => {
    });
  });

+  test("returns not found when the workspace id cannot be resolved", async () => {
+    mocks.resolveClientApiIds.mockResolvedValue(null);
+
+    const result = await putResponseHandler(createHandlerParams({ workspaceId: "unknown_workspace_or_env" }));
+
+    expect(result.response.status).toBe(404);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "not_found",
+      message: "Workspace not found",
+      details: {
+        resource_id: "unknown_workspace_or_env",
+        resource_type: "Workspace",
+      },
+    });
+    expect(mocks.getResponse).not.toHaveBeenCalled();
+    expect(mocks.updateResponseWithQuotaEvaluation).not.toHaveBeenCalled();
+  });
+
+  test("accepts updates when the route param is a legacy environment id that resolves to the survey workspace", async () => {
+    mocks.resolveClientApiIds.mockResolvedValue({ workspaceId });
+
+    const result = await putResponseHandler(createHandlerParams({ workspaceId: "legacy_environment_id" }));
+
+    expect(mocks.resolveClientApiIds).toHaveBeenCalledWith("legacy_environment_id");
+    expect(result.response.status).toBe(200);
+    expect(mocks.updateResponseWithQuotaEvaluation).toHaveBeenCalledTimes(1);
+  });
+
  test("rejects updates when the response survey does not belong to the requested workspace", async () => {
    mocks.getSurvey.mockResolvedValue({
      ...getBaseSurvey(),
@@ -8,6 +8,7 @@ import { THandlerParams } from "@/app/lib/api/with-api-logging";
 import { sendToPipeline } from "@/app/lib/pipelines";
 import { getResponse } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
+import { resolveClientApiIds } from "@/lib/utils/resolve-client-id";
 import { formatValidationErrorsForV1Api, validateResponseData } from "@/modules/api/lib/validation";
 import { validateOtherOptionLengthForMultipleChoice } from "@/modules/api/v2/lib/element";
 import { createQuotaFullObject } from "@/modules/ee/quotas/lib/helpers";
@@ -209,7 +210,7 @@ export const putResponseHandler = async ({
  props,
 }: THandlerParams<TPutRouteParams>): Promise<TRouteResult> => {
  const params = await props.params;
-  const { workspaceId, responseId } = params;
+  const { workspaceId: workspaceIdParam, responseId } = params;

  if (!responseId) {
    return {
@@ -217,6 +218,14 @@ export const putResponseHandler = async ({
    };
  }

+  const resolved = await resolveClientApiIds(workspaceIdParam);
+  if (!resolved) {
+    return {
+      response: responses.notFoundResponse("Workspace", workspaceIdParam, true),
+    };
+  }
+  const { workspaceId } = resolved;
+
  const validatedUpdateInput = await getValidatedResponseUpdateInput(req);
  if ("response" in validatedUpdateInput) {
    return validatedUpdateInput;
@@ -104,7 +104,11 @@ export const createResponse = async (

    const ttc = initialTtc ? (finished ? calculateTtcTotal(initialTtc) : initialTtc) : {};

-    const prismaData = buildPrismaResponseData(responseInput, contact, ttc);
+    const prismaData = buildPrismaResponseData(
+      { ...responseInput, createdAt: undefined, updatedAt: undefined },
+      contact,
+      ttc
+    );

    const prismaClient = tx ?? prisma;

@@ -51,7 +51,7 @@ export const GET = withV1ApiWrapper({
      };
    }

-    const basePath = `/workspaces/${workspaceId}`;
+    const basePath = `/workspaces/${workspaceId}/settings/workspace`;

    const client_id = AIRTABLE_CLIENT_ID;
    const redirect_uri = WEBAPP_URL + "/api/v1/integrations/airtable/callback";
@@ -40,7 +40,7 @@ export const GET = withV1ApiWrapper({
      };
    }

-    const basePath = `/workspaces/${workspaceId}`;
+    const basePath = `/workspaces/${workspaceId}/settings/workspace`;

    if (code && typeof code !== "string") {
      return {
@@ -37,7 +37,7 @@ export const GET = withV1ApiWrapper({
      };
    }

-    const basePath = `/workspaces/${workspaceId}`;
+    const basePath = `/workspaces/${workspaceId}/settings/workspace`;

    if (code && typeof code !== "string") {
      return {
@@ -1,6 +1,6 @@
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
-import { doesContactExist } from "./contact";
+import { doesContactExistInWorkspace } from "./contact";

 // Mock prisma
 vi.mock("@formbricks/database", () => ({
@@ -21,24 +21,25 @@ vi.mock("react", async () => {
 });

 const contactId = "test-contact-id";
+const workspaceId = "test-workspace-id";

-describe("doesContactExist", () => {
+describe("doesContactExistInWorkspace", () => {
  afterEach(() => {
    vi.resetAllMocks();
  });

-  test("should return true if contact exists", async () => {
+  test("should return true if contact exists in the workspace", async () => {
    vi.mocked(prisma.contact.findFirst).mockResolvedValue({
      id: contactId,
      createdAt: new Date(),
      updatedAt: new Date(),
    } as any);

-    const result = await doesContactExist(contactId);
+    const result = await doesContactExistInWorkspace(contactId, workspaceId);

    expect(result).toBe(true);
    expect(prisma.contact.findFirst).toHaveBeenCalledWith({
-      where: { id: contactId },
+      where: { id: contactId, workspaceId },
      select: { id: true },
    });
  });
@@ -46,11 +47,11 @@ describe("doesContactExist", () => {
  test("should return false if contact does not exist in the workspace", async () => {
    vi.mocked(prisma.contact.findFirst).mockResolvedValue(null);

-    const result = await doesContactExist(contactId);
+    const result = await doesContactExistInWorkspace(contactId, workspaceId);

    expect(result).toBe(false);
    expect(prisma.contact.findFirst).toHaveBeenCalledWith({
-      where: { id: contactId },
+      where: { id: contactId, workspaceId },
      select: { id: true },
    });
  });
@@ -1,15 +1,18 @@
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";

-export const doesContactExist = reactCache(async (id: string): Promise<boolean> => {
-  const contact = await prisma.contact.findFirst({
-    where: {
-      id,
-    },
-    select: {
-      id: true,
-    },
-  });
+export const doesContactExistInWorkspace = reactCache(
+  async (id: string, workspaceId: string): Promise<boolean> => {
+    const contact = await prisma.contact.findFirst({
+      where: {
+        id,
+        workspaceId,
+      },
+      select: {
+        id: true,
+      },
+    });

-  return !!contact;
-});
+    return !!contact;
+  }
+);
@@ -9,7 +9,7 @@ import {
 } from "@formbricks/types/errors";
 import { validateInputs } from "@/lib/utils/validate";
 import { TDisplayCreateInputV2 } from "../types/display";
-import { doesContactExist } from "./contact";
+import { doesContactExistInWorkspace } from "./contact";
 import { createDisplay } from "./display";

 vi.mock("@/lib/utils/validate", () => ({
@@ -30,7 +30,7 @@ vi.mock("@formbricks/database", () => ({
 }));

 vi.mock("./contact", () => ({
-  doesContactExist: vi.fn(),
+  doesContactExistInWorkspace: vi.fn(),
 }));

 const workspaceId = "workspace-id-mock";
@@ -81,13 +81,13 @@ describe("createDisplay", () => {
  });

  test("should create a display with contactId successfully", async () => {
-    vi.mocked(doesContactExist).mockResolvedValue(true);
+    vi.mocked(doesContactExistInWorkspace).mockResolvedValue(true);
    vi.mocked(prisma.display.create).mockResolvedValue(mockDisplay);

    const result = await createDisplay(displayInput);

    expect(validateInputs).toHaveBeenCalledWith([displayInput, expect.any(Object)]);
-    expect(doesContactExist).toHaveBeenCalledWith(contactId);
+    expect(doesContactExistInWorkspace).toHaveBeenCalledWith(contactId, workspaceId);
    expect(prisma.display.create).toHaveBeenCalledWith({
      data: {
        survey: { connect: { id: surveyId } },
@@ -104,7 +104,7 @@ describe("createDisplay", () => {
    const result = await createDisplay(displayInputWithoutContact);

    expect(validateInputs).toHaveBeenCalledWith([displayInputWithoutContact, expect.any(Object)]);
-    expect(doesContactExist).not.toHaveBeenCalled();
+    expect(doesContactExistInWorkspace).not.toHaveBeenCalled();
    expect(prisma.display.create).toHaveBeenCalledWith({
      data: {
        survey: { connect: { id: surveyId } },
@@ -115,13 +115,13 @@ describe("createDisplay", () => {
  });

  test("should create a display without contact if contact does not exist in the workspace", async () => {
-    vi.mocked(doesContactExist).mockResolvedValue(false);
+    vi.mocked(doesContactExistInWorkspace).mockResolvedValue(false);
    vi.mocked(prisma.display.create).mockResolvedValue(mockDisplayWithoutContact); // Expect no contact connection

    const result = await createDisplay(displayInput);

    expect(validateInputs).toHaveBeenCalledWith([displayInput, expect.any(Object)]);
-    expect(doesContactExist).toHaveBeenCalledWith(contactId);
+    expect(doesContactExistInWorkspace).toHaveBeenCalledWith(contactId, workspaceId);
    expect(prisma.display.create).toHaveBeenCalledWith({
      data: {
        survey: { connect: { id: surveyId } },
@@ -139,16 +139,16 @@ describe("createDisplay", () => {
    });

    await expect(createDisplay(displayInput)).rejects.toThrow(ValidationError);
-    expect(doesContactExist).not.toHaveBeenCalled();
+    expect(doesContactExistInWorkspace).not.toHaveBeenCalled();
    expect(prisma.display.create).not.toHaveBeenCalled();
  });

  test("should throw InvalidInputError when survey does not exist (P2025)", async () => {
-    vi.mocked(doesContactExist).mockResolvedValue(true);
+    vi.mocked(doesContactExistInWorkspace).mockResolvedValue(true);
    vi.mocked(prisma.survey.findUnique).mockResolvedValue(null);

    await expect(createDisplay(displayInput)).rejects.toThrow(new ResourceNotFoundError("Survey", surveyId));
-    expect(doesContactExist).toHaveBeenCalledWith(contactId);
+    expect(doesContactExistInWorkspace).toHaveBeenCalledWith(contactId, workspaceId);
    expect(prisma.survey.findUnique).toHaveBeenCalledWith({
      where: { id: surveyId, workspaceId },
    });
@@ -158,7 +158,7 @@ describe("createDisplay", () => {
  test.each(["draft", "paused", "completed"])(
    "should throw InvalidInputError when survey status is %s",
    async (status) => {
-      vi.mocked(doesContactExist).mockResolvedValue(true);
+      vi.mocked(doesContactExistInWorkspace).mockResolvedValue(true);
      vi.mocked(prisma.survey.findUnique).mockResolvedValue({ ...mockSurvey, status } as any);

      await expect(createDisplay(displayInput)).rejects.toThrow(InvalidInputError);
@@ -171,7 +171,7 @@ describe("createDisplay", () => {
      code: "P2002",
      clientVersion: "2.0.0",
    });
-    vi.mocked(doesContactExist).mockResolvedValue(true);
+    vi.mocked(doesContactExistInWorkspace).mockResolvedValue(true);
    vi.mocked(prisma.display.create).mockRejectedValue(prismaError);

    await expect(createDisplay(displayInput)).rejects.toThrow(DatabaseError);
@@ -179,15 +179,15 @@ describe("createDisplay", () => {

  test("should throw original error on other errors during creation", async () => {
    const genericError = new Error("Something went wrong");
-    vi.mocked(doesContactExist).mockResolvedValue(true);
+    vi.mocked(doesContactExistInWorkspace).mockResolvedValue(true);
    vi.mocked(prisma.display.create).mockRejectedValue(genericError);

    await expect(createDisplay(displayInput)).rejects.toThrow(genericError);
  });

-  test("should throw original error if doesContactExist fails", async () => {
+  test("should throw original error if doesContactExistInWorkspace fails", async () => {
    const contactCheckError = new Error("Failed to check contact");
-    vi.mocked(doesContactExist).mockRejectedValue(contactCheckError);
+    vi.mocked(doesContactExistInWorkspace).mockRejectedValue(contactCheckError);

    await expect(createDisplay(displayInput)).rejects.toThrow(contactCheckError);
    expect(prisma.display.create).not.toHaveBeenCalled();
@@ -6,7 +6,7 @@ import {
  ZDisplayCreateInputV2,
 } from "@/app/api/v2/client/[workspaceId]/displays/types/display";
 import { validateInputs } from "@/lib/utils/validate";
-import { doesContactExist } from "./contact";
+import { doesContactExistInWorkspace } from "./contact";

 export const createDisplay = async (displayInput: TDisplayCreateInputV2): Promise<{ id: string }> => {
  validateInputs([displayInput, ZDisplayCreateInputV2]);
@@ -14,7 +14,7 @@ export const createDisplay = async (displayInput: TDisplayCreateInputV2): Promis
  const { contactId, surveyId, workspaceId } = displayInput;

  try {
-    const contactExists = contactId ? await doesContactExist(contactId) : false;
+    const contactExists = contactId ? await doesContactExistInWorkspace(contactId, workspaceId) : false;

    const survey = await prisma.survey.findUnique({
      where: {
@@ -49,18 +49,7 @@ const buildPrismaResponseData = (
  contact: { id: string; attributes: TContactAttributes } | null,
  ttc: Record<string, number>
 ): Prisma.ResponseCreateInput => {
-  const {
-    surveyId,
-    displayId,
-    finished,
-    data,
-    language,
-    meta,
-    singleUseId,
-    variables,
-    createdAt,
-    updatedAt,
-  } = responseInput;
+  const { surveyId, displayId, finished, data, language, meta, singleUseId, variables } = responseInput;

  return {
    survey: {
@@ -84,8 +73,6 @@ const buildPrismaResponseData = (
    singleUseId,
    ...(variables && { variables }),
    ttc: ttc,
-    createdAt,
-    updatedAt,
  };
 };

@@ -1859,6 +1859,7 @@ checksums:
    workspace/contacts/attribute_key_hint: 1a68c6f91e1a5cf9eff811e2e54e92b8
    workspace/contacts/attribute_key_placeholder: 31702e553b3f138a623dbaa42b6f878f
    workspace/contacts/attribute_key_required: 75f22558e9bafe7da2a549e75fab5f75
+    workspace/contacts/attribute_key_reserved_future_default: 2dbd2159bb6883bf56195448789ef72e
    workspace/contacts/attribute_key_safe_identifier_required: aece7d4708065ec5f110b82fc061621d
    workspace/contacts/attribute_label: a5c71bf158481233f8215dbd38cc196b
    workspace/contacts/attribute_label_placeholder: bf5106cb14d2ec0c21e7d8b4ab1f3a93
@@ -1893,6 +1894,7 @@ checksums:
    workspace/contacts/generate_personal_link: 9ac0865f6876d40fe858f94eae781eb8
    workspace/contacts/generate_personal_link_description: b9dbaf9e2d8362505b7e3cfa40f415a6
    workspace/contacts/invalid_csv_column_names: dcb8534e7d4c00b9ea7bdaf389f72328
+    workspace/contacts/invalid_csv_reserved_column_names: 6fef9d55e3dd298fea069404c9aaa474
    workspace/contacts/invalid_date_format: 5bad9730ac5a5bacd0792098f712b1c4
    workspace/contacts/invalid_number_format: bd0422507385f671c3046730a6febc64
    workspace/contacts/no_activity_yet: f88897ac05afd6bf8af0d4834ad24ffc
@@ -4,6 +4,7 @@ import {
  assertOrganizationAIConfigured,
  generateOrganizationAIText,
  getAIDataAnalysisUnavailableReason,
+  getAISmartToolsUnavailableReason,
  getOrganizationAIConfig,
  isInstanceAIConfigured,
 } from "./service";
@@ -207,4 +208,47 @@ describe("AI organization service", () => {
      );
    });
  });
+
+  describe("getAISmartToolsUnavailableReason", () => {
+    const baseConfig = {
+      organizationId: "org_1",
+      isAISmartToolsEntitled: true,
+      isAISmartToolsEnabled: true,
+      isAIDataAnalysisEntitled: true,
+      isAIDataAnalysisEnabled: true,
+      isInstanceConfigured: true,
+    };
+
+    test("returns undefined when all checks pass", () => {
+      expect(getAISmartToolsUnavailableReason(baseConfig)).toBeUndefined();
+    });
+
+    test("returns not_in_plan when smart tools entitlement is missing", () => {
+      expect(getAISmartToolsUnavailableReason({ ...baseConfig, isAISmartToolsEntitled: false })).toBe(
+        "not_in_plan"
+      );
+    });
+
+    test("returns not_enabled when smart tools is disabled at org level", () => {
+      expect(getAISmartToolsUnavailableReason({ ...baseConfig, isAISmartToolsEnabled: false })).toBe(
+        "not_enabled"
+      );
+    });
+
+    test("returns instance_not_configured when instance AI is missing", () => {
+      expect(getAISmartToolsUnavailableReason({ ...baseConfig, isInstanceConfigured: false })).toBe(
+        "instance_not_configured"
+      );
+    });
+
+    test("ignores data-analysis flags (smart tools is independent of data analysis state)", () => {
+      expect(
+        getAISmartToolsUnavailableReason({
+          ...baseConfig,
+          isAIDataAnalysisEntitled: false,
+          isAIDataAnalysisEnabled: false,
+        })
+      ).toBeUndefined();
+    });
+  });
 });
@@ -59,6 +59,15 @@ export const getAIDataAnalysisUnavailableReason = (
  return undefined;
 };

+export const getAISmartToolsUnavailableReason = (
+  aiConfig: TOrganizationAIConfig
+): TAIUnavailableReason | undefined => {
+  if (!aiConfig.isAISmartToolsEntitled) return "not_in_plan";
+  if (!aiConfig.isAISmartToolsEnabled) return "not_enabled";
+  if (!aiConfig.isInstanceConfigured) return "instance_not_configured";
+  return undefined;
+};
+
 export const assertOrganizationAIConfigured = async (
  organizationId: string,
  capability: "smartTools" | "dataAnalysis"
@@ -1,5 +1,6 @@
 import "server-only";
 import { Prisma } from "@prisma/client";
+import type { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { PrismaErrorType } from "@formbricks/database/types/error";
@@ -212,7 +213,7 @@ export const deleteConnector = async (connectorId: string, workspaceId: string):

 // -- Composite functions --

-const mapUniqueConstraintError = (error: Prisma.PrismaClientKnownRequestError): InvalidInputError => {
+const mapUniqueConstraintError = (error: PrismaClientKnownRequestError): InvalidInputError => {
  const target = error.meta?.target;
  const targetFields = Array.isArray(target) ? (target as string[]) : [];
  if (targetFields.includes("elementId") || targetFields.includes("surveyId")) {
@@ -38,6 +38,50 @@ describe("convertToCsv", () => {

    parseSpy.mockRestore();
  });
+
+  test("should defang formula injection payloads in cell values", async () => {
+    const payloads = [
+      '=HYPERLINK("https://evil.tld","Click")',
+      "+1+1",
+      "-2+3",
+      "@SUM(A1:A2)",
+      "\tleading-tab",
+      "\rleading-cr",
+    ];
+    const rows = payloads.map((p) => ({ name: p, age: 0 }));
+    const csv = await convertToCsv(["name", "age"], rows);
+    const lines = csv.trim().split("\n").slice(1); // drop header
+    payloads.forEach((p, i) => {
+      // each value should be prefixed with a single quote so the spreadsheet
+      // app treats it as text rather than a formula
+      expect(lines[i].startsWith(`"'${p.charAt(0)}`)).toBe(true);
+    });
+  });
+
+  test("should defang formula injection in field/header names", async () => {
+    const csv = await convertToCsv(["=evil", "age"], [{ "=evil": "x", age: 1 }]);
+    const lines = csv.trim().split("\n");
+    expect(lines[0]).toBe('"\'=evil","age"');
+    expect(lines[1]).toBe('"x",1');
+  });
+
+  test("should not alter benign strings", async () => {
+    const csv = await convertToCsv(["name"], [{ name: "Alice = Bob" }]);
+    const lines = csv.trim().split("\n");
+    expect(lines[1]).toBe('"Alice = Bob"');
+  });
+
+  test("should preserve distinct columns whose labels collide after sanitization", async () => {
+    // "=field" and "'=field" both render as "'=field" once defanged, but the
+    // underlying row keys must stay distinct so neither cell is dropped.
+    const csv = await convertToCsv(
+      ["=field", "'=field"],
+      [{ "=field": "a", "'=field": "b" }]
+    );
+    const lines = csv.trim().split("\n");
+    expect(lines[0]).toBe('"\'=field","\'=field"');
+    expect(lines[1]).toBe('"a","b"');
+  });
 });

 describe("convertToXlsxBuffer", () => {
@@ -60,4 +104,54 @@ describe("convertToXlsxBuffer", () => {
    const cleaned = raw.map(({ __rowNum__, ...rest }) => rest);
    expect(cleaned).toEqual(data);
  });
+
+  test("should defang formula injection payloads in xlsx cells", () => {
+    const payloads = [
+      '=HYPERLINK("https://evil.tld","Click")',
+      "+1+1",
+      "-2+3",
+      "@SUM(A1:A2)",
+      "\tleading-tab",
+      "\rleading-cr",
+    ];
+    const rows = payloads.map((p) => ({ name: p }));
+    const buffer = convertToXlsxBuffer(["name"], rows);
+    const wb = xlsx.read(buffer, { type: "buffer" });
+    const sheet = wb.Sheets["Sheet1"];
+    payloads.forEach((p, i) => {
+      const cell = sheet[`A${i + 2}`]; // row 1 is header
+      // value stored as plain text, not as a formula (no `f` property)
+      expect(cell.f).toBeUndefined();
+      expect(cell.v).toBe(`'${p}`);
+    });
+  });
+
+  test("should defang formula injection in xlsx header names", () => {
+    const buffer = convertToXlsxBuffer(["=evil", "name"], [{ "=evil": "x", name: "Alice" }]);
+    const wb = xlsx.read(buffer, { type: "buffer" });
+    const sheet = wb.Sheets["Sheet1"];
+    const headerCell = sheet["A1"];
+    expect(headerCell.f).toBeUndefined();
+    expect(headerCell.v).toBe("'=evil");
+    // benign header untouched
+    expect(sheet["B1"].v).toBe("name");
+    // data row mapped via original key
+    expect(sheet["A2"].v).toBe("x");
+    expect(sheet["B2"].v).toBe("Alice");
+  });
+
+  test("should preserve distinct xlsx columns whose labels collide after sanitization", () => {
+    // Original keys "=field" and "'=field" both render as "'=field"; ensure
+    // both cells survive instead of one overwriting the other.
+    const buffer = convertToXlsxBuffer(
+      ["=field", "'=field"],
+      [{ "=field": "a", "'=field": "b" }]
+    );
+    const wb = xlsx.read(buffer, { type: "buffer" });
+    const sheet = wb.Sheets["Sheet1"];
+    expect(sheet["A1"].v).toBe("'=field");
+    expect(sheet["B1"].v).toBe("'=field");
+    expect(sheet["A2"].v).toBe("a");
+    expect(sheet["B2"].v).toBe("b");
+  });
 });
@@ -2,11 +2,30 @@ import { AsyncParser } from "@json2csv/node";
 import * as xlsx from "xlsx";
 import { logger } from "@formbricks/logger";

+// Defang spreadsheet formula injection. Cell values starting with
+// =, +, -, @, tab, or CR are evaluated as formulas by Excel/Sheets/Numbers.
+// Sanitize at the render boundary only — never rewrite row keys, since
+// distinct user-controlled labels could collide after prefixing (e.g.
+// "=field" and "'=field" both map to "'=field"), dropping cell data.
+const FORMULA_TRIGGER = /^[=+\-@\t\r]/;
+
+const sanitizeFormulaInjection = <T>(value: T): T => {
+  if (typeof value === "string" && FORMULA_TRIGGER.test(value)) {
+    return `'${value}` as T;
+  }
+  return value;
+};
+
 export const convertToCsv = async (fields: string[], jsonData: Record<string, string | number>[]) => {
  let csv: string = "";

+  // Field descriptors preserve the original lookup key while overriding the
+  // rendered label and cell value with sanitized versions.
  const parser = new AsyncParser({
-    fields,
+    fields: fields.map((name) => ({
+      label: sanitizeFormulaInjection(name),
+      value: (row: Record<string, string | number>) => sanitizeFormulaInjection(row[name]),
+    })),
  });

  try {
@@ -23,8 +42,13 @@ export const convertToXlsxBuffer = (
  fields: string[],
  jsonData: Record<string, string | number>[]
 ): Buffer => {
+  // Build as array-of-arrays so original row keys are looked up before
+  // sanitization is applied to the rendered header/cell only.
+  const headerRow = fields.map(sanitizeFormulaInjection);
+  const dataRows = jsonData.map((row) => fields.map((name) => sanitizeFormulaInjection(row[name])));
+
  const wb = xlsx.utils.book_new();
-  const ws = xlsx.utils.json_to_sheet(jsonData, { header: fields });
+  const ws = xlsx.utils.aoa_to_sheet([headerRow, ...dataRows]);
  xlsx.utils.book_append_sheet(wb, ws, "Sheet1");
  return xlsx.write(wb, { type: "buffer", bookType: "xlsx" });
 };
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Nur Kleinbuchstaben, Zahlen und Unterstriche. Muss mit einem Buchstaben beginnen.",
      "attribute_key_placeholder": "z. B. geburtsdatum",
      "attribute_key_required": "Schlüssel ist erforderlich",
+      "attribute_key_reserved_future_default": "Der Schlüssel ist für zukünftige Standardattribute reserviert ({reservedKeys}). Bitte wähle einen anderen Schlüssel.",
      "attribute_key_safe_identifier_required": "Schlüssel muss ein sicherer Identifikator sein: nur Kleinbuchstaben, Zahlen und Unterstriche, und muss mit einem Buchstaben beginnen",
      "attribute_label": "Bezeichnung",
      "attribute_label_placeholder": "z. B. Geburtsdatum",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Persönlichen Link erstellen",
      "generate_personal_link_description": "Wähle eine veröffentlichte Umfrage aus, um einen personalisierten Link für diesen Kontakt zu erstellen.",
      "invalid_csv_column_names": "Ungültige CSV-Spaltennamen: {columns}. Spaltennamen, die zu neuen Attributen werden, dürfen nur Kleinbuchstaben, Zahlen und Unterstriche enthalten und müssen mit einem Buchstaben beginnen.",
+      "invalid_csv_reserved_column_names": "Reservierte CSV-Spaltennamen: {columns}. Diese Namen sind für zukünftige Standardattribute ({reservedKeys}) reserviert und können nicht als neue Attribute erstellt werden.",
      "invalid_date_format": "Ungültiges Datumsformat. Bitte verwende ein gültiges Datum.",
      "invalid_number_format": "Ungültiges Zahlenformat. Bitte gib eine gültige Zahl ein.",
      "no_activity_yet": "Noch keine Aktivität",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Only lowercase letters, numbers, and underscores. Must start with a letter.",
      "attribute_key_placeholder": "e.g. date_of_birth",
      "attribute_key_required": "Key is required",
+      "attribute_key_reserved_future_default": "Key is reserved for future default attributes ({reservedKeys}). Please choose a different key.",
      "attribute_key_safe_identifier_required": "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
      "attribute_label": "Label",
      "attribute_label_placeholder": "e.g. Date of Birth",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generate Personal Link",
      "generate_personal_link_description": "Select a published survey to generate a personalized link for this contact.",
      "invalid_csv_column_names": "Invalid CSV column name(s): {columns}. Column names that will become new attributes must only contain lowercase letters, numbers, and underscores, and must start with a letter.",
+      "invalid_csv_reserved_column_names": "Reserved CSV column name(s): {columns}. These names are reserved for future default attributes ({reservedKeys}) and cannot be created as new attributes.",
      "invalid_date_format": "Invalid date format. Please use a valid date.",
      "invalid_number_format": "Invalid number format. Please enter a valid number.",
      "no_activity_yet": "No activity yet",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Solo letras minúsculas, números y guiones bajos. Debe empezar con una letra.",
      "attribute_key_placeholder": "p. ej. fecha_de_nacimiento",
      "attribute_key_required": "La clave es obligatoria",
+      "attribute_key_reserved_future_default": "La clave está reservada para atributos predeterminados futuros ({reservedKeys}). Por favor, elige una clave diferente.",
      "attribute_key_safe_identifier_required": "La clave debe ser un identificador seguro: solo letras minúsculas, números y guiones bajos, y debe empezar con una letra",
      "attribute_label": "Etiqueta",
      "attribute_label_placeholder": "p. ej. fecha de nacimiento",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generar enlace personal",
      "generate_personal_link_description": "Selecciona una encuesta publicada para generar un enlace personalizado para este contacto.",
      "invalid_csv_column_names": "Nombre(s) de columna CSV no válido(s): {columns}. Los nombres de columna que se convertirán en nuevos atributos solo deben contener letras minúsculas, números y guiones bajos, y deben comenzar con una letra.",
+      "invalid_csv_reserved_column_names": "Nombre(s) de columna CSV reservado(s): {columns}. Estos nombres están reservados para atributos predeterminados futuros ({reservedKeys}) y no se pueden crear como nuevos atributos.",
      "invalid_date_format": "Formato de fecha no válido. Por favor, usa una fecha válida.",
      "invalid_number_format": "Formato de número no válido. Por favor, introduce un número válido.",
      "no_activity_yet": "Aún no hay actividad",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Uniquement des lettres minuscules, des chiffres et des underscores. Doit commencer par une lettre.",
      "attribute_key_placeholder": "ex. date_de_naissance",
      "attribute_key_required": "La clé est requise",
+      "attribute_key_reserved_future_default": "La clé est réservée pour les attributs par défaut futurs ({reservedKeys}). Veuillez choisir une clé différente.",
      "attribute_key_safe_identifier_required": "La clé doit être un identifiant sûr : uniquement des lettres minuscules, des chiffres et des underscores, et doit commencer par une lettre",
      "attribute_label": "Étiquette",
      "attribute_label_placeholder": "ex. Date de naissance",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Générer un lien personnel",
      "generate_personal_link_description": "Sélectionnez une enquête publiée pour générer un lien personnalisé pour ce contact.",
      "invalid_csv_column_names": "Nom(s) de colonne CSV invalide(s) : {columns}. Les noms de colonnes qui deviendront de nouveaux attributs ne doivent contenir que des lettres minuscules, des chiffres et des underscores, et doivent commencer par une lettre.",
+      "invalid_csv_reserved_column_names": "Nom(s) de colonne CSV réservé(s) : {columns}. Ces noms sont réservés pour les attributs par défaut futurs ({reservedKeys}) et ne peuvent pas être créés en tant que nouveaux attributs.",
      "invalid_date_format": "Format de date invalide. Merci d'utiliser une date valide.",
      "invalid_number_format": "Format de nombre invalide. Veuillez saisir un nombre valide.",
      "no_activity_yet": "Aucune activité pour le moment",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Csak ékezet nélküli kisbetűk, számok és aláhúzásjelek használhatók. Betűvel kell kezdődnie.",
      "attribute_key_placeholder": "például: szuletesi_ido",
      "attribute_key_required": "A kulcs kötelező",
+      "attribute_key_reserved_future_default": "A kulcs le van foglalva jövőbeli alapértelmezett attribútumok számára ({reservedKeys}). Kérem, válasszon egy másik kulcsot.",
      "attribute_key_safe_identifier_required": "A kulcs csak biztonságos azonosító lehet: csak ékezet nélküli kisbetűk, számok és aláhúzásjelek használhatók, és betűvel kell kezdődnie",
      "attribute_label": "Címke",
      "attribute_label_placeholder": "például: Születési idő",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Személyes hivatkozás előállítása",
      "generate_personal_link_description": "Válasszon egy közzétett kérdőívet, hogy személyre szabott hivatkozást állítson elő ehhez a partnerhez.",
      "invalid_csv_column_names": "Érvénytelen CSV-oszlopnevek: {columns}. Az új attribútumokká váló oszlopnevek csak ékezet nélküli kisbetűket, számokat és aláhúzásjeleket tartalmazhatnak, valamint betűvel kell kezdődniük.",
+      "invalid_csv_reserved_column_names": "Fenntartott CSV oszlopnév/nevek: {columns}. Ezek a nevek le vannak foglalva jövőbeli alapértelmezett attribútumok számára ({reservedKeys}), és nem hozhatók létre új attribútumokként.",
      "invalid_date_format": "Érvénytelen dátumformátum. Használjon érvényes dátumot.",
      "invalid_number_format": "Érvénytelen számformátum. Adjon meg érvényes számot.",
      "no_activity_yet": "Még nincs tevékenység",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "小文字のアルファベット、数字、アンダースコアのみ使用可能です。アルファベットで始める必要があります。",
      "attribute_key_placeholder": "例: date_of_birth",
      "attribute_key_required": "キーは必須です",
+      "attribute_key_reserved_future_default": "このキーは将来のデフォルト属性用に予約されています（{reservedKeys}）。別のキーを選択してください。",
      "attribute_key_safe_identifier_required": "キーは安全な識別子である必要があります: 小文字のアルファベット、数字、アンダースコアのみ使用可能で、アルファベットで始める必要があります",
      "attribute_label": "ラベル",
      "attribute_label_placeholder": "例: 生年月日",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "個人リンクを生成",
      "generate_personal_link_description": "公開されたフォームを選択して、この連絡先用のパーソナライズされたリンクを生成します。",
      "invalid_csv_column_names": "無効なCSV列名: {columns}。新しい属性となる列名は、小文字、数字、アンダースコアのみを含み、文字で始まる必要があります。",
+      "invalid_csv_reserved_column_names": "予約されたCSV列名: {columns}。これらの名前は将来のデフォルト属性（{reservedKeys}）用に予約されており、新しい属性として作成できません。",
      "invalid_date_format": "無効な日付形式です。有効な日付を使用してください。",
      "invalid_number_format": "無効な数値形式です。有効な数値を入力してください。",
      "no_activity_yet": "まだアクティビティがありません",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Alleen kleine letters, cijfers en onderstrepingstekens. Moet beginnen met een letter.",
      "attribute_key_placeholder": "bijv. geboortedatum",
      "attribute_key_required": "Sleutel is verplicht",
+      "attribute_key_reserved_future_default": "Sleutel is gereserveerd voor toekomstige standaardattributen ({reservedKeys}). Kies een andere sleutel.",
      "attribute_key_safe_identifier_required": "Sleutel moet een veilige identifier zijn: alleen kleine letters, cijfers en onderstrepingstekens, en moet beginnen met een letter",
      "attribute_label": "Label",
      "attribute_label_placeholder": "bijv. Geboortedatum",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Persoonlijke link genereren",
      "generate_personal_link_description": "Selecteer een gepubliceerde enquête om een gepersonaliseerde link voor dit contact te genereren.",
      "invalid_csv_column_names": "Ongeldige CSV-kolomna(a)m(en): {columns}. Kolomnamen die nieuwe kenmerken worden, mogen alleen kleine letters, cijfers en underscores bevatten en moeten beginnen met een letter.",
+      "invalid_csv_reserved_column_names": "Gereserveerde CSV-kolomnaam/namen: {columns}. Deze namen zijn gereserveerd voor toekomstige standaardattributen ({reservedKeys}) en kunnen niet als nieuwe attributen worden aangemaakt.",
      "invalid_date_format": "Ongeldig datumformaat. Gebruik een geldige datum.",
      "invalid_number_format": "Ongeldig getalformaat. Voer een geldig getal in.",
      "no_activity_yet": "Nog geen activiteit",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Apenas letras minúsculas, números e underscores. Deve começar com uma letra.",
      "attribute_key_placeholder": "ex: data_de_nascimento",
      "attribute_key_required": "A chave é obrigatória",
+      "attribute_key_reserved_future_default": "A chave está reservada para atributos padrão futuros ({reservedKeys}). Por favor, escolha uma chave diferente.",
      "attribute_key_safe_identifier_required": "A chave deve ser um identificador seguro: apenas letras minúsculas, números e underscores, e deve começar com uma letra",
      "attribute_label": "Etiqueta",
      "attribute_label_placeholder": "ex: Data de nascimento",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Gerar link pessoal",
      "generate_personal_link_description": "Selecione uma pesquisa publicada para gerar um link personalizado para este contato.",
      "invalid_csv_column_names": "Nome(s) de coluna CSV inválido(s): {columns}. Os nomes de colunas que se tornarão novos atributos devem conter apenas letras minúsculas, números e sublinhados, e devem começar com uma letra.",
+      "invalid_csv_reserved_column_names": "Nome(s) de coluna CSV reservado(s): {columns}. Esses nomes estão reservados para atributos padrão futuros ({reservedKeys}) e não podem ser criados como novos atributos.",
      "invalid_date_format": "Formato de data inválido. Por favor, use uma data válida.",
      "invalid_number_format": "Formato de número inválido. Por favor, insira um número válido.",
      "no_activity_yet": "Nenhuma atividade ainda",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Apenas letras minúsculas, números e sublinhados. Deve começar com uma letra.",
      "attribute_key_placeholder": "ex. data_de_nascimento",
      "attribute_key_required": "A chave é obrigatória",
+      "attribute_key_reserved_future_default": "A chave está reservada para atributos padrão futuros ({reservedKeys}). Por favor, escolhe uma chave diferente.",
      "attribute_key_safe_identifier_required": "A chave deve ser um identificador seguro: apenas letras minúsculas, números e sublinhados, e deve começar com uma letra",
      "attribute_label": "Etiqueta",
      "attribute_label_placeholder": "ex. Data de nascimento",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Gerar Link Pessoal",
      "generate_personal_link_description": "Selecione um inquérito publicado para gerar um link personalizado para este contacto.",
      "invalid_csv_column_names": "Nome(s) de coluna CSV inválido(s): {columns}. Os nomes de colunas que se tornarão novos atributos devem conter apenas letras minúsculas, números e underscores, e devem começar com uma letra.",
+      "invalid_csv_reserved_column_names": "Nome(s) de coluna CSV reservado(s): {columns}. Estes nomes estão reservados para atributos padrão futuros ({reservedKeys}) e não podem ser criados como novos atributos.",
      "invalid_date_format": "Formato de data inválido. Por favor, usa uma data válida.",
      "invalid_number_format": "Formato de número inválido. Por favor, introduz um número válido.",
      "no_activity_yet": "Ainda sem atividade",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Doar litere mici, cifre și caractere de subliniere. Trebuie să înceapă cu o literă.",
      "attribute_key_placeholder": "ex: date_of_birth",
      "attribute_key_required": "Cheia este obligatorie",
+      "attribute_key_reserved_future_default": "Cheia este rezervată pentru atribute implicite viitoare ({reservedKeys}). Te rugăm să alegi o cheie diferită.",
      "attribute_key_safe_identifier_required": "Cheia trebuie să fie un identificator sigur: doar litere mici, cifre și caractere de subliniere, și trebuie să înceapă cu o literă",
      "attribute_label": "Etichetă",
      "attribute_label_placeholder": "ex: Data nașterii",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generează link personal",
      "generate_personal_link_description": "Selectați un sondaj publicat pentru a genera un link personalizat pentru acest contact.",
      "invalid_csv_column_names": "Nume de coloană CSV nevalide: {columns}. Numele coloanelor care vor deveni atribute noi trebuie să conțină doar litere mici, cifre și caractere de subliniere și trebuie să înceapă cu o literă.",
+      "invalid_csv_reserved_column_names": "Nume de coloană CSV rezervate: {columns}. Aceste nume sunt rezervate pentru atribute implicite viitoare ({reservedKeys}) și nu pot fi create ca atribute noi.",
      "invalid_date_format": "Format de dată invalid. Te rugăm să folosești o dată validă.",
      "invalid_number_format": "Format de număr invalid. Te rugăm să introduci un număr valid.",
      "no_activity_yet": "Nicio activitate încă",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Только строчные буквы, цифры и символы подчёркивания. Должен начинаться с буквы.",
      "attribute_key_placeholder": "например, date_of_birth",
      "attribute_key_required": "Ключ обязателен",
+      "attribute_key_reserved_future_default": "Ключ зарезервирован для будущих атрибутов по умолчанию ({reservedKeys}). Пожалуйста, выбери другой ключ.",
      "attribute_key_safe_identifier_required": "Ключ должен быть безопасным идентификатором: только строчные буквы, цифры и символы подчёркивания, и должен начинаться с буквы",
      "attribute_label": "Метка",
      "attribute_label_placeholder": "например, дата рождения",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Сгенерировать персональную ссылку",
      "generate_personal_link_description": "Выберите опубликованный опрос, чтобы сгенерировать персональную ссылку для этого контакта.",
      "invalid_csv_column_names": "Недопустимые имена столбцов в CSV: {columns}. Имена столбцов, которые станут новыми атрибутами, должны содержать только строчные буквы, цифры и подчёркивания, а также начинаться с буквы.",
+      "invalid_csv_reserved_column_names": "Зарезервированные названия столбцов CSV: {columns}. Эти названия зарезервированы для будущих атрибутов по умолчанию ({reservedKeys}) и не могут быть созданы как новые атрибуты.",
      "invalid_date_format": "Неверный формат даты. Пожалуйста, используйте корректную дату.",
      "invalid_number_format": "Неверный формат числа. Пожалуйста, введите корректное число.",
      "no_activity_yet": "Пока нет активности",
@@ -2429,7 +2431,7 @@
        "most_popular": "Самый популярный",
        "pending_change_removed": "Запланированное изменение тарифа отменено.",
        "pending_plan_badge": "Запланирован",
-        "pending_plan_change_description": "Твой тариф сменится на {plan} {date}.",
+        "pending_plan_change_description": "Твой тариф сменится на {plan} на {date}.",
        "pending_plan_change_title": "Запланированное изменение тарифа",
        "pending_plan_cta": "Запланирован",
        "per_month": "в месяц",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Endast små bokstäver, siffror och understreck. Måste börja med en bokstav.",
      "attribute_key_placeholder": "t.ex. date_of_birth",
      "attribute_key_required": "Nyckel krävs",
+      "attribute_key_reserved_future_default": "Nyckeln är reserverad för framtida standardattribut ({reservedKeys}). Välj en annan nyckel.",
      "attribute_key_safe_identifier_required": "Nyckeln måste vara en säker identifierare: endast små bokstäver, siffror och understreck, och måste börja med en bokstav",
      "attribute_label": "Etikett",
      "attribute_label_placeholder": "t.ex. Födelsedatum",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generera personlig länk",
      "generate_personal_link_description": "Välj en publicerad enkät för att generera en personlig länk för denna kontakt.",
      "invalid_csv_column_names": "Ogiltiga CSV-kolumnnamn: {columns}. Kolumnnamn som ska bli nya attribut får bara innehålla små bokstäver, siffror och understreck, och måste börja med en bokstav.",
+      "invalid_csv_reserved_column_names": "Reserverade CSV-kolumnnamn: {columns}. Dessa namn är reserverade för framtida standardattribut ({reservedKeys}) och kan inte skapas som nya attribut.",
      "invalid_date_format": "Ogiltigt datumformat. Ange ett giltigt datum.",
      "invalid_number_format": "Ogiltigt nummerformat. Ange ett giltigt nummer.",
      "no_activity_yet": "Ingen aktivitet än",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Yalnızca küçük harfler, rakamlar ve alt çizgiler. Bir harfle başlamalıdır.",
      "attribute_key_placeholder": "örn. dogum_tarihi",
      "attribute_key_required": "Anahtar gereklidir",
+      "attribute_key_reserved_future_default": "Anahtar, gelecekteki varsayılan özellikler için ayrılmıştır ({reservedKeys}). Lütfen farklı bir anahtar seçin.",
      "attribute_key_safe_identifier_required": "Anahtar güvenli bir tanımlayıcı olmalıdır: yalnızca küçük harfler, rakamlar ve alt çizgiler içermeli ve bir harfle başlamalıdır",
      "attribute_label": "Etiket",
      "attribute_label_placeholder": "örn. Doğum Tarihi",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Kişisel Bağlantı Oluştur",
      "generate_personal_link_description": "Bu kişi için kişiselleştirilmiş bir bağlantı oluşturmak üzere yayınlanmış bir anket seç.",
      "invalid_csv_column_names": "Geçersiz CSV sütun adı/adları: {columns}. Yeni özellik olacak sütun adları yalnızca küçük harf, rakam ve alt çizgi içerebilir ve bir harfle başlamalıdır.",
+      "invalid_csv_reserved_column_names": "Ayrılmış CSV sütun adı/adları: {columns}. Bu adlar gelecekteki varsayılan özellikler ({reservedKeys}) için ayrılmıştır ve yeni özellik olarak oluşturulamaz.",
      "invalid_date_format": "Geçersiz tarih formatı. Lütfen geçerli bir tarih kullanın.",
      "invalid_number_format": "Geçersiz sayı formatı. Lütfen geçerli bir sayı girin.",
      "no_activity_yet": "Henüz aktivite yok",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "仅允许小写字母、数字和下划线，且必须以字母开头。",
      "attribute_key_placeholder": "例如：date_of_birth",
      "attribute_key_required": "键为必填项",
+      "attribute_key_reserved_future_default": "该键已保留用于未来的默认属性（{reservedKeys}）。请选择其他键。",
      "attribute_key_safe_identifier_required": "键必须为安全标识符：仅允许小写字母、数字和下划线，且必须以字母开头",
      "attribute_label": "标签",
      "attribute_label_placeholder": "例如：出生日期",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "生成个人链接",
      "generate_personal_link_description": "选择一个已发布的调查，为此联系人生成个性化链接。",
      "invalid_csv_column_names": "无效的 CSV 列名：{columns}。作为新属性的列名只能包含小写字母、数字和下划线，并且必须以字母开头。",
+      "invalid_csv_reserved_column_names": "CSV 列名已被保留：{columns}。这些名称已保留用于未来的默认属性（{reservedKeys}），无法创建为新属性。",
      "invalid_date_format": "日期格式无效。请使用有效日期。",
      "invalid_number_format": "数字格式无效。请输入有效的数字。",
      "no_activity_yet": "暂无活动",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "僅限小寫字母、數字和底線，且必須以字母開頭。",
      "attribute_key_placeholder": "例如：date_of_birth",
      "attribute_key_required": "金鑰為必填項目",
+      "attribute_key_reserved_future_default": "此鍵已保留供未來預設屬性使用（{reservedKeys}）。請選擇其他鍵。",
      "attribute_key_safe_identifier_required": "金鑰必須為安全識別字：僅限小寫字母、數字和底線，且必須以字母開頭",
      "attribute_label": "標籤",
      "attribute_label_placeholder": "例如：出生日期",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "產生個人連結",
      "generate_personal_link_description": "選擇一個已發佈的問卷，為此聯絡人產生個人化連結。",
      "invalid_csv_column_names": "無效的 CSV 欄位名稱：{columns}。作為新屬性的欄位名稱只能包含小寫字母、數字和底線，且必須以字母開頭。",
+      "invalid_csv_reserved_column_names": "保留的 CSV 欄位名稱：{columns}。這些名稱已保留供未來預設屬性使用（{reservedKeys}），無法建立為新屬性。",
      "invalid_date_format": "日期格式無效。請使用有效的日期。",
      "invalid_number_format": "數字格式無效。請輸入有效的數字。",
      "no_activity_yet": "尚無活動",
@@ -10,6 +10,10 @@ import {
  TGetContactAttributeKeysFilter,
 } from "@/modules/api/v2/management/contact-attribute-keys/types/contact-attribute-keys";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";

 export const getContactAttributeKeys = reactCache(
  async (workspaceIds: string[], params: TGetContactAttributeKeysFilter) => {
@@ -45,6 +49,13 @@ export const createContactAttributeKey = async (
 ): Promise<Result<ContactAttributeKey, ApiErrorResponseV2>> => {
  const { workspaceId, name, description, key, dataType } = contactAttributeKey;

+  if (isReservedFutureDefaultAttributeKey(key)) {
+    return err({
+      type: "bad_request",
+      details: [{ field: "key", issue: getReservedFutureDefaultAttributeKeyIssue([key]) }],
+    });
+  }
+
  try {
    const prismaData: Prisma.ContactAttributeKeyCreateInput = {
      workspace: {
@@ -105,6 +105,28 @@ describe("createContactAttributeKey", () => {
    }
  });

+  test("returns bad request when key is reserved for future defaults", async () => {
+    const result = await createContactAttributeKey({
+      ...inputContactAttributeKey,
+      key: "user_id",
+    });
+    expect(result.ok).toBe(false);
+    expect(prisma.contactAttributeKey.create).not.toHaveBeenCalled();
+
+    if (!result.ok) {
+      expect(result.error).toStrictEqual({
+        type: "bad_request",
+        details: [
+          {
+            field: "key",
+            issue:
+              "Reserved attribute key(s): user_id. These keys are reserved for the v5.1 safe-identifier default attribute migration and cannot be created as custom attributes.",
+          },
+        ],
+      });
+    }
+  });
+
  test("returns conflict error when key already exists", async () => {
    const errToThrow = new Prisma.PrismaClientKnownRequestError("Mock error message", {
      code: PrismaErrorType.UniqueConstraintViolation,
@@ -2,6 +2,10 @@ import { z } from "zod";
 import { ZContactAttributeKey } from "@formbricks/database/zod/contact-attribute-keys";
 import { isSafeIdentifier } from "@/lib/utils/safe-identifier";
 import { ZGetFilter } from "@/modules/api/v2/types/api-filter";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";

 export const ZGetContactAttributeKeysFilter = ZGetFilter.extend({})
  .refine(
@@ -38,6 +42,14 @@ export const ZContactAttributeKeyInput = ZContactAttributeKey.pick({
        path: ["key"],
      });
    }
+
+    if (isReservedFutureDefaultAttributeKey(data.key)) {
+      ctx.addIssue({
+        code: "custom",
+        message: getReservedFutureDefaultAttributeKeyIssue([data.key]),
+        path: ["key"],
+      });
+    }
  })
  .meta({
    id: "contactAttributeKeyInput",
@@ -65,6 +77,14 @@ export const ZContactAttributeKeyCreateInput = ZContactAttributeKey.pick({
        path: ["key"],
      });
    }
+
+    if (isReservedFutureDefaultAttributeKey(data.key)) {
+      ctx.addIssue({
+        code: "custom",
+        message: getReservedFutureDefaultAttributeKeyIssue([data.key]),
+        path: ["key"],
+      });
+    }
  })
  .meta({
    id: "contactAttributeKeyCreateInput",
@@ -2,7 +2,7 @@ import { Prisma } from "@prisma/client";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { PrismaErrorType } from "@formbricks/database/types/error";
-import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { InvalidInputError, ResourceNotFoundError, ValidationError } from "@formbricks/types/errors";
 import { mockUser } from "./mock-data";
 import { createUser, getUser, getUserByEmail, updateUser, updateUserLastLoginAt } from "./user";

@@ -53,6 +53,41 @@ describe("User Management", () => {
      expect(result).toEqual(mockPrismaUser);
    });

+    test("creates a user with an Azure AD enterprise display name", async () => {
+      const enterpriseDisplayName = "Lastname,Firstname (DEPT) COMPANY-CITY";
+      vi.mocked(prisma.user.create).mockResolvedValueOnce({
+        ...mockPrismaUser,
+        name: enterpriseDisplayName,
+      });
+
+      const result = await createUser({
+        email: mockUser.email,
+        name: enterpriseDisplayName,
+        locale: mockUser.locale,
+      });
+
+      expect(result.name).toBe(enterpriseDisplayName);
+      expect(prisma.user.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            name: enterpriseDisplayName,
+          }),
+        })
+      );
+    });
+
+    test("rejects display names with newline characters", async () => {
+      await expect(
+        createUser({
+          email: mockUser.email,
+          name: "Lastname,Firstname\n(DEPT) COMPANY-CITY",
+          locale: mockUser.locale,
+        })
+      ).rejects.toThrow(ValidationError);
+
+      expect(prisma.user.create).not.toHaveBeenCalled();
+    });
+
    test("throws InvalidInputError when email already exists", async () => {
      const errToThrow = new Prisma.PrismaClientKnownRequestError("Mock error message", {
        code: PrismaErrorType.UniqueConstraintViolation,
@@ -3,6 +3,7 @@ import cubejs, { type Query } from "@cubejs-client/core";
 import { randomUUID } from "node:crypto";
 import { logger } from "@formbricks/logger";
 import type { TChartQuery } from "@formbricks/types/analysis";
+import { expandPresetDateRanges } from "@/modules/ee/analysis/lib/date-presets";
 import { queueAuditEventWithoutRequest } from "@/modules/ee/audit-logs/lib/handler";
 import { UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
 import { type TCubeQuerySource, getCubeApiConfig } from "./cube-config";
@@ -89,7 +90,7 @@ export async function executeTenantScopedQuery(input: TScopedCubeQueryInput) {

  try {
    const client = cubejs(token, { apiUrl });
-    const resultSet = await client.load(input.query as Query);
+    const resultSet = await client.load(expandPresetDateRanges(input.query) as Query);
    const result = resultSet.tablePivot();
    queueCubeQueryAuditEvent({ input, requestId, status: "success" });
    return result;
@@ -363,8 +363,10 @@ export const generateAIChartAction = authenticatedActionClient

      await checkDashboardsEnabled(organizationId);

-      // Verify AI is entitled, enabled at org level, and configured at instance level
-      await assertOrganizationAIConfigured(organizationId, "dataAnalysis");
+      // Verify AI is entitled, enabled at org level, and configured at instance level.
+      // Uses "smartTools" (not "dataAnalysis") because chart generation only sends the
+      // Cube schema context and the user's prompt to the LLM — no response PII.
+      await assertOrganizationAIConfigured(organizationId, "smartTools");

      const { feedbackDirectoryId } = await checkFeedbackDirectoryAccess({
        feedbackDirectoryId: parsedInput.feedbackDirectoryId,
@@ -1,5 +1,5 @@
 import { use } from "react";
-import { getAIDataAnalysisUnavailableReason, getOrganizationAIConfig } from "@/lib/ai/service";
+import { getAISmartToolsUnavailableReason, getOrganizationAIConfig } from "@/lib/ai/service";
 import { getConnectorsWithMappings } from "@/lib/connector/service";
 import { ENTERPRISE_LICENSE_REQUEST_FORM_URL, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getTranslate } from "@/lingodotdev/server";
@@ -87,7 +87,7 @@ export async function ChartsListPage({ workspaceId }: Readonly<ChartsListPagePro
    getConnectorsWithMappings(workspaceId),
    getOrganizationAIConfig(organization.id),
  ]);
-  const aiUnavailableReason = getAIDataAnalysisUnavailableReason(aiConfig);
+  const aiUnavailableReason = getAISmartToolsUnavailableReason(aiConfig);
  const isAIAvailable = !aiUnavailableReason;
  const hasFeedbackRecords = await hasFeedbackRecordsInDirectories(
    directories.map((directory) => directory.id)
@@ -83,6 +83,24 @@ export function TimeDimensionPanel({
    }
  };

+  const handleDateRangeTypeChange = (value: "preset" | "custom") => {
+    setDateRangeType(value);
+    if (!timeDimension) return;
+
+    if (value === "preset") {
+      const nextPreset = presetValue || "last 30 days";
+      if (!presetValue) setPresetValue(nextPreset);
+      onTimeDimensionChange({ ...timeDimension, dateRange: nextPreset });
+      return;
+    }
+
+    const start = customStartDate ?? new Date();
+    const end = customEndDate ?? start;
+    if (!customStartDate) setCustomStartDate(start);
+    if (!customEndDate) setCustomEndDate(end);
+    onTimeDimensionChange({ ...timeDimension, dateRange: [start, end] });
+  };
+
  if (!timeDimension) {
    return (
      <div className="space-y-2">
@@ -150,7 +168,7 @@ export function TimeDimensionPanel({
          <div className="space-y-2">
            <Select
              value={dateRangeType}
-              onValueChange={(value) => setDateRangeType(value as "preset" | "custom")}>
+              onValueChange={(value) => handleDateRangeTypeChange(value as "preset" | "custom")}>
              <SelectTrigger className="w-full bg-white">
                <SelectValue />
              </SelectTrigger>
@@ -2,7 +2,7 @@ import { notFound } from "next/navigation";
 import { logger } from "@formbricks/logger";
 import type { TChartQuery } from "@formbricks/types/analysis";
 import { ResourceNotFoundError } from "@formbricks/types/errors";
-import { getAIDataAnalysisUnavailableReason, getOrganizationAIConfig } from "@/lib/ai/service";
+import { getAISmartToolsUnavailableReason, getOrganizationAIConfig } from "@/lib/ai/service";
 import { ENTERPRISE_LICENSE_REQUEST_FORM_URL, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getTranslate } from "@/lingodotdev/server";
 import { executeTenantScopedQuery } from "@/modules/ee/analysis/api/lib/cube-client";
@@ -99,7 +99,7 @@ export async function DashboardDetailPage({
    getFeedbackDirectoriesByWorkspaceId(workspaceId),
    getOrganizationAIConfig(organization.id),
  ]);
-  const aiUnavailableReason = getAIDataAnalysisUnavailableReason(aiConfig);
+  const aiUnavailableReason = getAISmartToolsUnavailableReason(aiConfig);
  const isAIAvailable = !aiUnavailableReason;

  let dashboard;
@@ -0,0 +1,96 @@
+import { describe, expect, test } from "vitest";
+import type { TChartQuery } from "@formbricks/types/analysis";
+import { expandPresetDateRanges } from "./date-presets";
+
+const queryWithDateRange = (dateRange: string | [string, string]): TChartQuery => ({
+  measures: ["FeedbackRecords.count"],
+  timeDimensions: [{ dimension: "FeedbackRecords.collectedAt", dateRange }],
+});
+
+// Mid-month, mid-quarter date that exercises month/quarter/year boundaries cleanly.
+const NOW = new Date(2026, 4, 21, 14, 30, 0); // May 21, 2026 14:30 local
+
+describe("expandPresetDateRanges", () => {
+  test("includes today for 'last 7 days'", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("last 7 days"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-05-15", "2026-05-21"]);
+  });
+
+  test("includes today for 'last 30 days'", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("last 30 days"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-04-22", "2026-05-21"]);
+  });
+
+  test("expands 'today' to today..today", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("today"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-05-21", "2026-05-21"]);
+  });
+
+  test("expands 'yesterday' to yesterday..yesterday", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("yesterday"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-05-20", "2026-05-20"]);
+  });
+
+  test("'this month' runs from the 1st through today", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("this month"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-05-01", "2026-05-21"]);
+  });
+
+  test("'last month' is the full previous calendar month", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("last month"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-04-01", "2026-04-30"]);
+  });
+
+  test("'last month' handles year rollover", () => {
+    const janFirst = new Date(2026, 0, 15, 10, 0, 0);
+    const result = expandPresetDateRanges(queryWithDateRange("last month"), janFirst);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2025-12-01", "2025-12-31"]);
+  });
+
+  test("'this quarter' starts at the first day of the calendar quarter", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("this quarter"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-04-01", "2026-05-21"]);
+  });
+
+  test("'this year' starts on Jan 1", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("this year"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-01-01", "2026-05-21"]);
+  });
+
+  test("leaves explicit [start, end] tuple unchanged", () => {
+    const result = expandPresetDateRanges(queryWithDateRange(["2026-01-01", "2026-01-15"]), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toEqual(["2026-01-01", "2026-01-15"]);
+  });
+
+  test("leaves an unknown preset string unchanged so Cube can interpret it", () => {
+    const result = expandPresetDateRanges(queryWithDateRange("from -3 days to now"), NOW);
+    expect(result.timeDimensions?.[0].dateRange).toBe("from -3 days to now");
+  });
+
+  test("returns input unchanged when there are no time dimensions", () => {
+    const q: TChartQuery = { measures: ["FeedbackRecords.count"] };
+    expect(expandPresetDateRanges(q, NOW)).toEqual(q);
+  });
+
+  test("preserves other timeDimension fields (granularity, dimension)", () => {
+    const q: TChartQuery = {
+      measures: ["FeedbackRecords.count"],
+      timeDimensions: [
+        { dimension: "FeedbackRecords.collectedAt", granularity: "day", dateRange: "last 7 days" },
+      ],
+    };
+    const result = expandPresetDateRanges(q, NOW);
+    expect(result.timeDimensions?.[0]).toMatchObject({
+      dimension: "FeedbackRecords.collectedAt",
+      granularity: "day",
+      dateRange: ["2026-05-15", "2026-05-21"],
+    });
+  });
+
+  test("does not mutate the input query", () => {
+    const q = queryWithDateRange("last 7 days");
+    const before = JSON.stringify(q);
+    expandPresetDateRanges(q, NOW);
+    expect(JSON.stringify(q)).toBe(before);
+  });
+});
@@ -0,0 +1,37 @@
+import { addDays, formatDate, startOfDay, startOfMonth, startOfQuarter, startOfYear } from "date-fns";
+import type { TChartQuery } from "@formbricks/types/analysis";
+
+// Cube's native "last N days" / "this month" / etc. strings exclude today; we expand them
+// to explicit inclusive ranges so charts behave like every other analytics tool (GA, Mixpanel,
+// PostHog, ...) and include the current partial day.
+const PRESET_RESOLVERS: Record<string, (now: Date) => [Date, Date]> = {
+  today: (now) => [startOfDay(now), startOfDay(now)],
+  yesterday: (now) => [addDays(startOfDay(now), -1), addDays(startOfDay(now), -1)],
+  "last 7 days": (now) => [addDays(startOfDay(now), -6), startOfDay(now)],
+  "last 30 days": (now) => [addDays(startOfDay(now), -29), startOfDay(now)],
+  "this month": (now) => [startOfMonth(now), startOfDay(now)],
+  "last month": (now) => {
+    const firstOfThisMonth = startOfMonth(now);
+    const lastOfLastMonth = addDays(firstOfThisMonth, -1);
+    return [startOfMonth(lastOfLastMonth), lastOfLastMonth];
+  },
+  "this quarter": (now) => [startOfQuarter(now), startOfDay(now)],
+  "this year": (now) => [startOfYear(now), startOfDay(now)],
+};
+
+export const expandPresetDateRanges = (query: TChartQuery, now: Date = new Date()): TChartQuery => {
+  if (!query.timeDimensions?.length) return query;
+
+  const expanded = query.timeDimensions.map((td) => {
+    if (typeof td.dateRange !== "string") return td;
+    const resolver = PRESET_RESOLVERS[td.dateRange.toLowerCase().trim()];
+    if (!resolver) return td;
+    const [start, end] = resolver(now);
+    return {
+      ...td,
+      dateRange: [formatDate(start, "yyyy-MM-dd"), formatDate(end, "yyyy-MM-dd")] as [string, string],
+    };
+  });
+
+  return { ...query, timeDimensions: expanded };
+};
@@ -1,3 +1,5 @@
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
 import { describe, expect, test } from "vitest";
 import {
  FEEDBACK_FIELDS,
@@ -6,6 +8,17 @@ import {
  getFilterOperatorsForType,
 } from "./schema-definition";

+const chartCubeSchemaPath = fileURLToPath(
+  new URL("../../../../../../charts/formbricks/cube/schema/FeedbackRecords.js", import.meta.url)
+);
+const dockerCubeSchemaPath = fileURLToPath(
+  new URL("../../../../../../docker/cube/schema/FeedbackRecords.js", import.meta.url)
+);
+
+const readChartCubeSchema = (): string => readFileSync(chartCubeSchemaPath, "utf8");
+const readDockerCubeSchema = (): string => readFileSync(dockerCubeSchemaPath, "utf8");
+const getCubeMemberName = (id: string): string => id.replace("FeedbackRecords.", "");
+
 describe("schema-definition", () => {
  describe("getFilterOperatorsForType", () => {
    test("returns string operators", () => {
@@ -94,5 +107,20 @@ describe("schema-definition", () => {
      );
      expect(ids).not.toContain("FeedbackRecords.averageScore");
    });
+
+    test("only exposes members present in the deployed Cube schema", () => {
+      const chartCubeSchema = readChartCubeSchema();
+      const exposedMembers = [...FEEDBACK_FIELDS.measures, ...FEEDBACK_FIELDS.dimensions].map(({ id }) =>
+        getCubeMemberName(id)
+      );
+
+      for (const member of exposedMembers) {
+        expect(chartCubeSchema).toContain(`    ${member}: {`);
+      }
+    });
+
+    test("keeps the Helm and Docker Cube schemas in sync", () => {
+      expect(readChartCubeSchema()).toBe(readDockerCubeSchema());
+    });
  });
 });
@@ -436,17 +436,15 @@ export const PricingTable = ({
          <Alert variant="info" className="max-w-4xl">
            <AlertTitle>{t("workspace.settings.billing.pending_plan_change_title")}</AlertTitle>
            <AlertDescription>
-              {t("workspace.settings.billing.pending_plan_change_description")
-                .replace("{{plan}}", getCurrentCloudPlanLabel(pendingChange.targetPlan, t))
-                .replace(
-                  "{{date}}",
-                  formatDateForDisplay(new Date(pendingChange.effectiveAt), locale, {
-                    year: "numeric",
-                    month: "short",
-                    day: "numeric",
-                    timeZone: "UTC",
-                  })
-                )}
+              {t("workspace.settings.billing.pending_plan_change_description", {
+                plan: getCurrentCloudPlanLabel(pendingChange.targetPlan, t),
+                date: formatDateForDisplay(new Date(pendingChange.effectiveAt), locale, {
+                  year: "numeric",
+                  month: "short",
+                  day: "numeric",
+                  timeZone: "UTC",
+                }),
+              })}
            </AlertDescription>
            {hasBillingRights && (
              <AlertButton onClick={() => void undoPendingChange()} loading={isPlanActionPending === "undo"}>
@@ -3,8 +3,12 @@ import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
 import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
-import { DatabaseError } from "@formbricks/types/errors";
+import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";
 import { validateInputs } from "@/lib/utils/validate";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import {
  TContactAttributeKeyUpdateInput,
  ZContactAttributeKeyUpdateInput,
@@ -56,6 +60,10 @@ export const updateContactAttributeKey = async (
 ): Promise<TContactAttributeKey | null> => {
  validateInputs([contactAttributeKeyId, ZId], [data, ZContactAttributeKeyUpdateInput]);

+  if (data.key && isReservedFutureDefaultAttributeKey(data.key)) {
+    throw new InvalidInputError(getReservedFutureDefaultAttributeKeyIssue([data.key]));
+  }
+
  try {
    const contactAttributeKey = await prisma.contactAttributeKey.update({
      where: {
@@ -1,12 +1,21 @@
 import { z } from "zod";
 import { ZContactAttributeDataType } from "@formbricks/types/contact-attribute-key";
 import { isSafeIdentifier } from "@/lib/utils/safe-identifier";
+import {
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_KEY_VALIDATION_MESSAGE,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";

 export const ZContactAttributeKeyCreateInput = z.object({
-  key: z.string().refine((val) => isSafeIdentifier(val), {
-    error:
-      "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
-  }),
+  key: z
+    .string()
+    .refine((val) => isSafeIdentifier(val), {
+      error:
+        "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
+    })
+    .refine((val) => !isReservedFutureDefaultAttributeKey(val), {
+      error: RESERVED_FUTURE_DEFAULT_ATTRIBUTE_KEY_VALIDATION_MESSAGE,
+    }),
  description: z.string().optional(),
  type: z.enum(["custom"]),
  dataType: ZContactAttributeDataType.optional(),
@@ -24,6 +33,9 @@ export const ZContactAttributeKeyUpdateInput = z.object({
      error:
        "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
    })
+    .refine((val) => !isReservedFutureDefaultAttributeKey(val), {
+      error: RESERVED_FUTURE_DEFAULT_ATTRIBUTE_KEY_VALIDATION_MESSAGE,
+    })
    .optional(),
  dataType: ZContactAttributeDataType.optional(),
 });
@@ -3,7 +3,7 @@ import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { PrismaErrorType } from "@formbricks/database/types/error";
 import { TContactAttributeKeyType } from "@formbricks/types/contact-attribute-key";
-import { DatabaseError, OperationNotAllowedError } from "@formbricks/types/errors";
+import { DatabaseError, InvalidInputError, OperationNotAllowedError } from "@formbricks/types/errors";
 import { MAX_ATTRIBUTE_CLASSES_PER_ENVIRONMENT } from "@/lib/constants";
 import { TContactAttributeKeyCreateInput } from "@/modules/ee/contacts/api/v1/management/contact-attribute-keys/[contactAttributeKeyId]/types/contact-attribute-keys";
 import { createContactAttributeKey, getContactAttributeKeys } from "./contact-attribute-keys";
@@ -144,6 +144,17 @@ describe("createContactAttributeKey", () => {
    expect(prisma.contactAttributeKey.create).not.toHaveBeenCalled();
  });

+  test("should throw InvalidInputError when key is reserved for future defaults", async () => {
+    await expect(
+      createContactAttributeKey(workspaceId, {
+        ...createInput,
+        key: "user_id",
+      })
+    ).rejects.toThrow(InvalidInputError);
+    expect(prisma.contactAttributeKey.count).not.toHaveBeenCalled();
+    expect(prisma.contactAttributeKey.create).not.toHaveBeenCalled();
+  });
+
  test("should throw DatabaseError if Prisma create fails", async () => {
    vi.mocked(prisma.contactAttributeKey.count).mockResolvedValue(0);
    const errorMessage = "Prisma create error";
@@ -3,10 +3,14 @@ import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { PrismaErrorType } from "@formbricks/database/types/error";
 import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
-import { DatabaseError, OperationNotAllowedError } from "@formbricks/types/errors";
+import { DatabaseError, InvalidInputError, OperationNotAllowedError } from "@formbricks/types/errors";
 import { MAX_ATTRIBUTE_CLASSES_PER_ENVIRONMENT } from "@/lib/constants";
 import { formatSnakeCaseToTitleCase } from "@/lib/utils/safe-identifier";
 import { TContactAttributeKeyCreateInput } from "@/modules/ee/contacts/api/v1/management/contact-attribute-keys/[contactAttributeKeyId]/types/contact-attribute-keys";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";

 export const getContactAttributeKeys = reactCache(
  async (workspaceIds: string[]): Promise<TContactAttributeKey[]> => {
@@ -29,6 +33,10 @@ export const createContactAttributeKey = async (
  workspaceId: string,
  data: TContactAttributeKeyCreateInput
 ): Promise<TContactAttributeKey | null> => {
+  if (isReservedFutureDefaultAttributeKey(data.key)) {
+    throw new InvalidInputError(getReservedFutureDefaultAttributeKeyIssue([data.key]));
+  }
+
  const contactAttributeKeysCount = await prisma.contactAttributeKey.count({
    where: {
      workspaceId,
@@ -6,6 +6,10 @@ import { TContactAttributeDataType } from "@formbricks/types/contact-attribute-k
 import { Result, err, ok } from "@formbricks/types/error-handlers";
 import { isSafeIdentifier } from "@/lib/utils/safe-identifier";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import { prepareAttributeColumnsForStorage } from "@/modules/ee/contacts/lib/attribute-storage";
 import { detectAttributeDataType } from "@/modules/ee/contacts/lib/detect-attribute-type";
 import { TContactBulkUploadContact } from "@/modules/ee/contacts/types/contact";
@@ -545,6 +549,22 @@ export const upsertBulkContacts = async (
    });
  }

+  const reservedNewKeys = attributeKeys.filter(
+    (key) => !existingKeySet.has(key) && isReservedFutureDefaultAttributeKey(key)
+  );
+
+  if (reservedNewKeys.length > 0) {
+    return err({
+      type: "bad_request",
+      details: [
+        {
+          field: "attributes",
+          issue: getReservedFutureDefaultAttributeKeyIssue(reservedNewKeys),
+        },
+      ],
+    });
+  }
+
  // Type Detection Phase
  const attributeValuesByKey = buildAttributeValuesByKey(contacts);
  const attributeTypeMap = determineAttributeTypes(attributeValuesByKey, existingAttributeKeys);
@@ -347,6 +347,42 @@ describe("upsertBulkContacts", () => {
    expect(prisma.$executeRaw).toHaveBeenCalled();
  });

+  test("should return bad request when payload creates reserved future default keys", async () => {
+    const mockContacts = [
+      {
+        attributes: [
+          { attributeKey: { key: "email", name: "Email" }, value: "john@example.com" },
+          { attributeKey: { key: "user_id", name: "User Id" }, value: "user-123" },
+        ],
+      },
+    ];
+
+    const mockParsedEmails = ["john@example.com"];
+
+    vi.mocked(prisma.contactAttribute.findMany).mockResolvedValueOnce([]);
+    vi.mocked(prisma.contact.findMany).mockResolvedValueOnce([]);
+    vi.mocked(prisma.contactAttributeKey.findMany).mockResolvedValueOnce([
+      { id: "attr-key-email", key: "email", workspaceId: mockWorkspaceId, name: "Email" },
+    ] as any);
+
+    const result = await upsertBulkContacts(mockContacts, mockWorkspaceId, mockParsedEmails);
+    expect(result.ok).toBe(false);
+    expect(prisma.contact.createMany).not.toHaveBeenCalled();
+
+    if (!result.ok) {
+      expect(result.error).toStrictEqual({
+        type: "bad_request",
+        details: [
+          {
+            field: "attributes",
+            issue:
+              "Reserved attribute key(s): user_id. These keys are reserved for the v5.1 safe-identifier default attribute migration and cannot be created as custom attributes.",
+          },
+        ],
+      });
+    }
+  });
+
  test("should update attribute key names when they change", async () => {
    // Mock data: a contact with an attribute that has a new name for an existing key
    const mockContacts = [
@@ -10,6 +10,10 @@ import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-clie
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
 import { isSafeIdentifier } from "@/lib/utils/safe-identifier";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
+import {
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_KEY_VALIDATION_MESSAGE,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import {
  createContactAttributeKey,
  deleteContactAttributeKey,
@@ -19,10 +23,15 @@ import {

 const ZCreateContactAttributeKeyAction = z.object({
  workspaceId: ZId,
-  key: z.string().refine((val) => isSafeIdentifier(val), {
-    error:
-      "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
-  }),
+  key: z
+    .string()
+    .refine((val) => isSafeIdentifier(val), {
+      error:
+        "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
+    })
+    .refine((val) => !isReservedFutureDefaultAttributeKey(val), {
+      error: RESERVED_FUTURE_DEFAULT_ATTRIBUTE_KEY_VALIDATION_MESSAGE,
+    }),
  name: z.string().optional(),
  description: z.string().optional(),
  dataType: ZContactAttributeDataType.optional(),
@@ -8,6 +8,10 @@ import { useTranslation } from "react-i18next";
 import { TContactAttributeDataType } from "@formbricks/types/contact-attribute-key";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { formatSnakeCaseToTitleCase, isSafeIdentifier, toSafeIdentifier } from "@/lib/utils/safe-identifier";
+import {
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import { Button } from "@/modules/ui/components/button";
 import {
  Dialog,
@@ -93,6 +97,14 @@ export function CreateAttributeModal({ workspaceId }: Readonly<CreateAttributeMo
      );
      return false;
    }
+    if (isReservedFutureDefaultAttributeKey(key)) {
+      setKeyError(
+        t("workspace.contacts.attribute_key_reserved_future_default", {
+          reservedKeys: RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT,
+        })
+      );
+      return false;
+    }
    setKeyError("");
    return true;
  };
@@ -10,33 +10,37 @@ export const CsvTable = ({ data }: CsvTableProps) => {
  }

  const columns = Object.keys(data[0]);
-
  return (
    <div className="w-full overflow-x-auto rounded-md">
-      <div
-        className="sticky top-0 z-10 grid gap-2 border-b-2 border-slate-100 bg-slate-100 px-3 py-2 text-left"
-        style={{ gridTemplateColumns: `repeat(${columns.length}, minmax(100px, 1fr))` }}>
-        {columns.map((header, index) => (
-          <span
-            key={index}
-            className="overflow-hidden text-ellipsis whitespace-nowrap text-xs font-semibold capitalize leading-tight">
-            {header.replace(/_/g, " ")}
-          </span>
-        ))}
-      </div>
-
-      {data.map((row, rowIndex) => (
-        <div
-          key={rowIndex}
-          className="grid gap-2 border-b border-gray-200 bg-white px-3 py-2 text-left leading-tight last:border-b-0"
-          style={{ gridTemplateColumns: `repeat(${columns.length}, minmax(100px, 1fr))` }}>
-          {columns.map((header, colIndex) => (
-            <span key={colIndex} className="overflow-hidden text-ellipsis whitespace-nowrap text-xs">
-              {row[header]}
-            </span>
+      <table className="w-max min-w-full border-separate border-spacing-0 text-left text-xs">
+        <thead>
+          <tr className="bg-slate-100">
+            {columns.map((header) => (
+              <th
+                key={header}
+                scope="col"
+                className="sticky top-0 z-10 min-w-[120px] border-b-2 border-slate-200 bg-slate-100 px-3 py-2 font-semibold">
+                {header}
+              </th>
+            ))}
+          </tr>
+        </thead>
+        <tbody>
+          {data.map((row, rowIndex) => (
+            <tr key={rowIndex} className="bg-white">
+              {columns.map((header) => (
+                <td
+                  key={`${rowIndex}-${header}`}
+                  className="min-w-[120px] border-b border-slate-200 px-3 py-2">
+                  <span className="block overflow-hidden text-ellipsis whitespace-nowrap">
+                    {row[header] ?? ""}
+                  </span>
+                </td>
+              ))}
+            </tr>
          ))}
-        </div>
-      ))}
+        </tbody>
+      </table>
    </div>
  );
 };
@@ -4,6 +4,10 @@ import { ChevronDownIcon } from "lucide-react";
 import { useEffect, useMemo } from "react";
 import { useTranslation } from "react-i18next";
 import { isSafeIdentifier } from "@/lib/utils/safe-identifier";
+import {
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import { Button } from "@/modules/ui/components/button";
 import {
  Command,
@@ -41,6 +45,8 @@ export const UploadContactsAttributeCombobox = ({
  currentKey,
 }: ITagsComboboxProps) => {
  const { t } = useTranslation();
+  const normalizedSearchValue = searchValue.trim();
+
  useEffect(() => {
    // reset search value and value when closing the combobox
    if (!open) {
@@ -50,20 +56,56 @@ export const UploadContactsAttributeCombobox = ({

  // Check if the search value is a valid safe identifier for creating new attributes
  const isValidNewKey = useMemo(() => {
-    if (!searchValue) return false;
-    return isSafeIdentifier(searchValue.trim());
-  }, [searchValue]);
+    if (!normalizedSearchValue) return false;
+    return isSafeIdentifier(normalizedSearchValue);
+  }, [normalizedSearchValue]);
+
+  const isReservedNewKey = useMemo(() => {
+    if (!normalizedSearchValue) return false;
+    return isReservedFutureDefaultAttributeKey(normalizedSearchValue);
+  }, [normalizedSearchValue]);

  const existingKeyMatch = useMemo(() => {
    return keys.find((tag) => tag?.label?.toLowerCase().includes(searchValue?.toLowerCase()));
  }, [keys, searchValue]);

  const handleCreateKey = () => {
-    if (isValidNewKey && !existingKeyMatch) {
-      createKey(searchValue.trim());
+    if (isValidNewKey && !existingKeyMatch && !isReservedNewKey) {
+      createKey(normalizedSearchValue);
    }
  };

+  const renderCreateOptionContent = () => {
+    if (isValidNewKey && !isReservedNewKey) {
+      return (
+        <button
+          onClick={handleCreateKey}
+          className="h-8 w-full text-left hover:cursor-pointer hover:bg-slate-50 disabled:cursor-not-allowed disabled:opacity-50"
+          disabled={!!existingKeyMatch}>
+          + {t("common.add")} {normalizedSearchValue}
+        </button>
+      );
+    }
+
+    if (isReservedNewKey) {
+      return (
+        <div className="flex flex-col py-1 text-xs text-slate-500">
+          <span className="text-red-500">
+            {t("workspace.contacts.attribute_key_reserved_future_default", {
+              reservedKeys: RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT,
+            })}
+          </span>
+        </div>
+      );
+    }
+
+    return (
+      <div className="flex flex-col py-1 text-xs text-slate-500">
+        <span className="text-red-500">{t("workspace.contacts.attribute_key_safe_identifier_required")}</span>
+      </div>
+    );
+  };
+
  return (
    <Popover open={open} onOpenChange={setOpen}>
      <PopoverTrigger asChild>
@@ -135,22 +177,7 @@ export const UploadContactsAttributeCombobox = ({
                );
              })}
              {searchValue !== "" && !keys.some((tag) => tag.label === searchValue) && (
-                <CommandItem value="_create">
-                  {isValidNewKey ? (
-                    <button
-                      onClick={handleCreateKey}
-                      className="h-8 w-full text-left hover:cursor-pointer hover:bg-slate-50 disabled:cursor-not-allowed disabled:opacity-50"
-                      disabled={!!existingKeyMatch}>
-                      + Add {searchValue}
-                    </button>
-                  ) : (
-                    <div className="flex flex-col py-1 text-xs text-slate-500">
-                      <span className="text-red-500">
-                        {t("workspace.contacts.attribute_key_safe_identifier_required")}
-                      </span>
-                    </div>
-                  )}
-                </CommandItem>
+                <CommandItem value="_create">{renderCreateOptionContent()}</CommandItem>
              )}
            </CommandGroup>
          </CommandList>
@@ -13,6 +13,10 @@ import { isSafeIdentifier } from "@/lib/utils/safe-identifier";
 import { createContactsFromCSVAction } from "@/modules/ee/contacts/actions";
 import { CsvTable } from "@/modules/ee/contacts/components/csv-table";
 import { UploadContactsAttributes } from "@/modules/ee/contacts/components/upload-contacts-attribute";
+import {
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import { TContactCSVUploadResponse, ZContactCSVUploadResponse } from "@/modules/ee/contacts/types/contact";
 import { Alert } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
@@ -257,7 +261,6 @@ export const UploadContactsCSVButton = ({

  useEffect(() => {
    const matches: Record<string, string> = {};
-    const invalidColumns: string[] = [];

    for (const columnName of csvColumns) {
      let matched = false;
@@ -270,25 +273,66 @@ export const UploadContactsCSVButton = ({
      }

      if (!matched) {
-        // This column will become a new attribute - validate it's a safe identifier
-        if (!isSafeIdentifier(columnName)) {
-          invalidColumns.push(columnName);
-        }
        matches[columnName] = columnName;
      }
    }

    setAttributeMap(matches);
+  }, [contactAttributeKeys, csvColumns]);
+
+  useEffect(() => {
+    if (!csvColumns.length || !csvResponse.length) {
+      return;
+    }
+
+    const invalidColumns: string[] = [];
+    const reservedColumns: string[] = [];
+
+    for (const columnName of csvColumns) {
+      const mappedAttribute = attributeMap[columnName];
+      if (!mappedAttribute) {
+        continue;
+      }
+
+      const mapsToExistingAttribute = contactAttributeKeys.some(
+        (attributeKey) => attributeKey.id === mappedAttribute
+      );
+
+      if (mapsToExistingAttribute) {
+        continue;
+      }
+
+      if (!isSafeIdentifier(mappedAttribute)) {
+        invalidColumns.push(columnName);
+        continue;
+      }
+
+      if (isReservedFutureDefaultAttributeKey(mappedAttribute)) {
+        reservedColumns.push(columnName);
+      }
+    }
+
+    const errorMessages: string[] = [];

-    // Show error for invalid column names that would become new attributes
    if (invalidColumns.length > 0) {
-      setError(
+      errorMessages.push(
        t("workspace.contacts.invalid_csv_column_names", {
          columns: invalidColumns.join(", "),
        })
      );
    }
-  }, [contactAttributeKeys, csvColumns, t]);
+
+    if (reservedColumns.length > 0) {
+      errorMessages.push(
+        t("workspace.contacts.invalid_csv_reserved_column_names", {
+          columns: reservedColumns.join(", "),
+          reservedKeys: RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT,
+        })
+      );
+    }
+
+    setError(errorMessages.join("\n"));
+  }, [attributeMap, contactAttributeKeys, csvColumns, csvResponse.length, t]);

  useEffect(() => {
    if (error && errorContainerRef.current) {
@@ -304,7 +348,7 @@ export const UploadContactsCSVButton = ({
    const exampleData = [
      {
        email: "user1@example.com",
-        userId: "1001",
+        user_id: "1001",
        first_name: "John",
        last_name: "Doe",
        age: "28",
@@ -313,7 +357,7 @@ export const UploadContactsCSVButton = ({
      },
      {
        email: "user2@example.com",
-        userId: "1002",
+        user_id: "1002",
        first_name: "Jane",
        last_name: "Smith",
        age: "34",
@@ -322,7 +366,7 @@ export const UploadContactsCSVButton = ({
      },
      {
        email: "user3@example.com",
-        userId: "1003",
+        user_id: "1003",
        first_name: "Mark",
        last_name: "Jones",
        age: "45",
@@ -331,7 +375,7 @@ export const UploadContactsCSVButton = ({
      },
      {
        email: "user4@example.com",
-        userId: "1004",
+        user_id: "1004",
        first_name: "Emily",
        last_name: "Brown",
        age: "22",
@@ -340,7 +384,7 @@ export const UploadContactsCSVButton = ({
      },
      {
        email: "user5@example.com",
-        userId: "1005",
+        user_id: "1005",
        first_name: "David",
        last_name: "Wilson",
        age: "31",
@@ -0,0 +1,39 @@
+// Keep these keys reserved until the v5.1 migration moves default contact attributes
+// from camelCase to safe identifiers with backward compatibility aliases.
+// This is a preventive guardrail only (no schema/data migration in v5).
+export const RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS = [
+  "user_id",
+  "first_name",
+  "last_name",
+] as const;
+
+export const RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT =
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS.join(", ");
+
+export const RESERVED_FUTURE_DEFAULT_ATTRIBUTE_KEY_VALIDATION_MESSAGE = `Key is reserved for the v5.1 safe-identifier default attribute migration. Reserved keys: ${RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS_TEXT}.`;
+
+const RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEY_SET: ReadonlySet<string> = new Set(
+  RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEYS
+);
+
+const normalizeKey = (key: string): string => key.trim().toLowerCase();
+
+export const isReservedFutureDefaultAttributeKey = (key: string): boolean => {
+  return RESERVED_FUTURE_DEFAULT_ATTRIBUTE_SAFE_IDENTIFIER_KEY_SET.has(normalizeKey(key));
+};
+
+export const getReservedFutureDefaultAttributeKeys = (keys: string[]): string[] => {
+  const normalized = keys
+    .map(normalizeKey)
+    .filter((key) => key.length > 0 && isReservedFutureDefaultAttributeKey(key));
+
+  return Array.from(new Set(normalized));
+};
+
+export const getReservedFutureDefaultAttributeKeyIssue = (keys: string[]): string => {
+  const reservedKeys = getReservedFutureDefaultAttributeKeys(keys);
+
+  return `Reserved attribute key(s): ${reservedKeys.join(
+    ", "
+  )}. These keys are reserved for the v5.1 safe-identifier default attribute migration and cannot be created as custom attributes.`;
+};
@@ -221,6 +221,30 @@ describe("updateAttributes", () => {
    );
  });

+  test("skips creating reserved future default attributes", async () => {
+    vi.mocked(getContactAttributeKeys).mockResolvedValue([attributeKeys[1]]);
+    vi.mocked(getContactAttributes).mockResolvedValue({ email: "jane@example.com" });
+    vi.mocked(hasEmailAttribute).mockResolvedValue(false);
+    vi.mocked(hasUserIdAttribute).mockResolvedValue(false);
+    vi.mocked(prisma.$transaction).mockResolvedValue(undefined);
+    vi.mocked(prisma.contactAttribute.deleteMany).mockResolvedValue({ count: 0 });
+
+    const result = await updateAttributes(contactId, userId, workspaceId, {
+      email: "john@example.com",
+      user_id: "future-safe",
+    });
+
+    expect(result.success).toBe(true);
+    expect(result.errors).toContainEqual({
+      code: "reserved_attribute_keys",
+      params: {
+        issue:
+          "Reserved attribute key(s): user_id. These keys are reserved for the v5.1 safe-identifier default attribute migration and cannot be created as custom attributes.",
+      },
+    });
+    expect(prisma.contactAttributeKey.create).not.toHaveBeenCalled();
+  });
+
  test("returns success with only email attribute", async () => {
    vi.mocked(getContactAttributeKeys).mockResolvedValue([attributeKeys[1]]); // email key
    vi.mocked(getContactAttributes).mockResolvedValue({ email: "existing@example.com" });
@@ -6,6 +6,10 @@ import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
 import { MAX_ATTRIBUTE_CLASSES_PER_ENVIRONMENT } from "@/lib/constants";
 import { formatSnakeCaseToTitleCase, isSafeIdentifier } from "@/lib/utils/safe-identifier";
 import { validateInputs } from "@/lib/utils/validate";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import { prepareNewSDKAttributeForStorage } from "@/modules/ee/contacts/lib/attribute-storage";
 import { getContactAttributeKeys } from "@/modules/ee/contacts/lib/contact-attribute-keys";
 import {
@@ -38,6 +42,7 @@ const MESSAGE_TEMPLATES: Record<string, string> = {
  userid_already_exists: "The userId already exists for this environment and was not updated.",
  invalid_attribute_keys:
    "Skipped creating attribute(s) with invalid key(s): {keys}. Keys must only contain lowercase letters, numbers, and underscores, and must start with a letter.",
+  reserved_attribute_keys: "{issue}",
  attribute_limit_exceeded:
    "Could not create {count} new attribute(s) as it would exceed the maximum limit of {limit} attribute classes. Existing attributes were updated successfully.",
  new_attribute_created: "Created new attribute '{key}' with type '{dataType}'",
@@ -304,12 +309,15 @@ export const updateAttributes = async (
    // Validate that new attribute keys are safe identifiers
    const validNewAttributes: typeof newAttributes = [];
    const invalidKeys: string[] = [];
+    const reservedKeys: string[] = [];

    for (const attr of newAttributes) {
-      if (isSafeIdentifier(attr.key)) {
-        validNewAttributes.push(attr);
-      } else {
+      if (!isSafeIdentifier(attr.key)) {
        invalidKeys.push(attr.key);
+      } else if (isReservedFutureDefaultAttributeKey(attr.key)) {
+        reservedKeys.push(attr.key);
+      } else {
+        validNewAttributes.push(attr);
      }
    }

@@ -325,6 +333,17 @@ export const updateAttributes = async (
      );
    }

+    if (reservedKeys.length > 0) {
+      errors.push({
+        code: "reserved_attribute_keys",
+        params: { issue: getReservedFutureDefaultAttributeKeyIssue(reservedKeys) },
+      });
+      logger.warn(
+        { workspaceId, reservedKeys },
+        "SDK tried to create reserved future default attribute keys - skipping"
+      );
+    }
+
    if (validNewAttributes.length > 0) {
      const totalAttributeClassesLength = contactAttributeKeys.length + validNewAttributes.length;

@@ -147,6 +147,13 @@ describe("createContactAttributeKey", () => {
    await expect(createContactAttributeKey({ workspaceId, key: "email" })).rejects.toThrow(InvalidInputError);
  });

+  test("throws InvalidInputError when key is reserved for future defaults", async () => {
+    await expect(createContactAttributeKey({ workspaceId, key: "user_id" })).rejects.toThrow(
+      InvalidInputError
+    );
+    expect(prisma.contactAttributeKey.create).not.toHaveBeenCalled();
+  });
+
  test("rethrows unknown prisma error codes", async () => {
    const err = Object.assign(new Error("Some prisma error"), { code: PrismaErrorType.RecordDoesNotExist });
    vi.mocked(prisma.contactAttributeKey.create).mockRejectedValue(err);
@@ -4,6 +4,10 @@ import { PrismaErrorType } from "@formbricks/database/types/error";
 import { TContactAttributeDataType, TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
 import { InvalidInputError, OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { formatSnakeCaseToTitleCase } from "@/lib/utils/safe-identifier";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  isReservedFutureDefaultAttributeKey,
+} from "./attribute-key-policy";

 export const getContactAttributeKeys = reactCache(
  async (workspaceId: string): Promise<TContactAttributeKey[]> => {
@@ -31,6 +35,10 @@ export const createContactAttributeKey = async (data: {
  description?: string;
  dataType?: TContactAttributeDataType;
 }): Promise<TContactAttributeKey> => {
+  if (isReservedFutureDefaultAttributeKey(data.key)) {
+    throw new InvalidInputError(getReservedFutureDefaultAttributeKeyIssue([data.key]));
+  }
+
  try {
    const contactAttributeKey = await prisma.contactAttributeKey.create({
      data: {
@@ -537,6 +537,22 @@ describe("Contacts Lib", () => {
      ).rejects.toThrow(ValidationError);
    });

+    test("throws ValidationError when CSV creates reserved future default keys", async () => {
+      const reservedCsvData = [{ email: "john@example.com", user_id: "user-1" }];
+      const attributeMap = { email: "email", user_id: "user_id" };
+
+      vi.mocked(prisma.contact.findMany).mockResolvedValueOnce([]);
+      vi.mocked(prisma.contactAttribute.findMany).mockResolvedValue([]);
+      vi.mocked(prisma.contactAttributeKey.findMany).mockResolvedValueOnce([
+        { key: "email", id: "key-1", dataType: "string" },
+      ] as any);
+
+      await expect(
+        createContactsFromCSV(reservedCsvData as any, mockWorkspaceId, "skip", attributeMap)
+      ).rejects.toThrow(ValidationError);
+      expect(prisma.contactAttributeKey.createMany).not.toHaveBeenCalled();
+    });
+
    test("throws DatabaseError on Prisma error", async () => {
      const attributeMap = { email: "email" };
      const prismaError = new Prisma.PrismaClientKnownRequestError("DB Error", {
@@ -9,6 +9,10 @@ import { DatabaseError, ValidationError } from "@formbricks/types/errors";
 import { ITEMS_PER_PAGE } from "@/lib/constants";
 import { formatSnakeCaseToTitleCase, isSafeIdentifier } from "@/lib/utils/safe-identifier";
 import { validateInputs } from "@/lib/utils/validate";
+import {
+  getReservedFutureDefaultAttributeKeyIssue,
+  getReservedFutureDefaultAttributeKeys,
+} from "@/modules/ee/contacts/lib/attribute-key-policy";
 import { prepareAttributeColumnsForStorage } from "@/modules/ee/contacts/lib/attribute-storage";
 import { getContactSurveyLink } from "@/modules/ee/contacts/lib/contact-survey-link";
 import { detectAttributeDataType } from "@/modules/ee/contacts/lib/detect-attribute-type";
@@ -412,6 +416,11 @@ const createMissingAttributeKeys = async (
    );
  }

+  const reservedKeys = getReservedFutureDefaultAttributeKeys(missingKeys);
+  if (reservedKeys.length > 0) {
+    throw new ValidationError(getReservedFutureDefaultAttributeKeyIssue(reservedKeys));
+  }
+
  // Deduplicate by lowercase to avoid creating duplicates like "firstName" and "firstname"
  const uniqueMissingKeys = new Map<string, string>();
  for (const key of missingKeys) {
@@ -2,7 +2,7 @@

 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { InvalidInputError, OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { ZSegmentCreateInput, ZSegmentFilters, ZSegmentUpdateInput } from "@formbricks/types/segment";
 import { getOrganization } from "@/lib/organization/service";
 import { capturePostHogEvent } from "@/lib/posthog";
@@ -49,7 +49,7 @@ export const createSegmentAction = authenticatedActionClient.inputSchema(ZSegmen
      const surveyWorkspaceId = await getWorkspaceIdFromSurveyId(parsedInput.surveyId);

      if (surveyWorkspaceId !== parsedInput.workspaceId) {
-        throw new Error("Survey and segment are not in the same workspace");
+        throw new InvalidInputError("Survey and segment are not in the same workspace");
      }
    }

@@ -82,7 +82,7 @@ export const createSegmentAction = authenticatedActionClient.inputSchema(ZSegmen
    if (!parsedFilters.success) {
      const errMsg =
        parsedFilters.error.issues.find((issue) => issue.code === "custom")?.message || "Invalid filters";
-      throw new Error(errMsg);
+      throw new InvalidInputError(errMsg);
    }

    const segment = await createSegment(parsedInput);
@@ -139,7 +139,7 @@ export const updateSegmentAction = authenticatedActionClient.inputSchema(ZUpdate
      if (!parsedFilters.success) {
        const errMsg =
          parsedFilters.error.issues.find((issue) => issue.code === "custom")?.message || "Invalid filters";
-        throw new Error(errMsg);
+        throw new InvalidInputError(errMsg);
      }

      await checkForRecursiveSegmentFilter(parsedFilters.data, parsedInput.segmentId);
@@ -169,7 +169,7 @@ export const loadNewSegmentAction = authenticatedActionClient
    const segmentWorkspaceId = await getWorkspaceIdFromSegmentId(parsedInput.segmentId);

    if (surveyWorkspaceId !== segmentWorkspaceId) {
-      throw new Error("Segment and survey are not in the same workspace");
+      throw new InvalidInputError("Segment and survey are not in the same workspace");
    }

    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
@@ -184,22 +184,33 @@ export function AddFilterModal({
    [t]
  );

+  const contactAttributeKeysForPicker = useMemo(() => {
+    // `userId` is represented by the person filter (fingerprint icon), so hide it from attribute entries.
+    return contactAttributeKeys.filter((attributeKey) => attributeKey.key !== "userId");
+  }, [contactAttributeKeys]);
+
  const contactAttributeKeysFiltered = useMemo(() => {
-    if (!contactAttributeKeys) return [];
+    if (!contactAttributeKeysForPicker) return [];

-    if (!searchValue) return contactAttributeKeys;
+    if (!searchValue) return contactAttributeKeysForPicker;

-    return contactAttributeKeys.filter((attributeKey) => {
+    return contactAttributeKeysForPicker.filter((attributeKey) => {
      const attributeValueToSeach = attributeKey.name ?? attributeKey.key;
      return attributeValueToSeach.toLowerCase().includes(searchValue.toLowerCase());
    });
-  }, [contactAttributeKeys, searchValue]);
+  }, [contactAttributeKeysForPicker, searchValue]);

  const contactAttributeFiltered = useMemo(() => {
-    const contactAttributes = [{ name: "userId" }];
+    const personIdentifiers = [{ id: "userId", label: t("common.user_id") }];

-    return contactAttributes.filter((ca) => ca.name.toLowerCase().includes(searchValue.toLowerCase()));
-  }, [searchValue]);
+    return personIdentifiers.filter((personIdentifier) => {
+      const query = searchValue.toLowerCase();
+      return (
+        personIdentifier.id.toLowerCase().includes(query) ||
+        personIdentifier.label.toLowerCase().includes(query)
+      );
+    });
+  }, [searchValue, t]);

  const segmentsFiltered = useMemo(() => {
    if (!segments) return [];
@@ -283,10 +294,10 @@ export function AddFilterModal({

            {filters.contactAttributeFiltered.map((personAttribute) => (
              <FilterButton
-                key={personAttribute.name}
-                data-testid={`filter-btn-person-${personAttribute.name}`}
+                key={personAttribute.id}
+                data-testid={`filter-btn-person-${personAttribute.id}`}
                icon={<FingerprintIcon className="h-4 w-4" />}
-                label={personAttribute.name}
+                label={personAttribute.label}
                onClick={() => {
                  handleAddFilter({
                    type: "person",
@@ -13,7 +13,7 @@ export const ManageTeam = () => {
  const router = useRouter();

  const handleManageTeams = () => {
-    router.push(`${workspaceBasePath}/settings/teams`);
+    router.push(`${workspaceBasePath}/settings/organization/teams`);
  };

  return (
@@ -31,7 +31,7 @@ export const SurveyCompletedMessage = async ({
      {(!workspace || workspace.linkSurveyBranding) && (
        <div>
          <Link href="https://formbricks.com">
-            <Image src={footerLogo as string} alt="Brand logo" className="mx-auto w-40" />
+            <Image src={footerLogo} alt="Brand logo" className="mx-auto w-40" />
          </Link>
        </div>
      )}
@@ -76,7 +76,7 @@ export const SurveyInactive = async ({
      {(!workspace || workspace.linkSurveyBranding) && (
        <div>
          <Link href="https://formbricks.com">
-            <Image src={footerLogo as string} alt="Brand logo" className="mx-auto w-40" />
+            <Image src={footerLogo} alt="Brand logo" className="mx-auto w-40" />
          </Link>
        </div>
      )}
@@ -123,11 +123,7 @@ export const SurveyLoadingAnimation = ({
          isReadyToTransition ? "animate-surveyExit" : "animate-surveyLoading"
        )}>
        {isBrandingEnabled && (
-          <Image
-            src={Logo as string}
-            alt="Logo"
-            className={cn("w-32 transition-all duration-1000 md:w-40")}
-          />
+          <Image src={Logo} alt="Logo" className={cn("w-32 transition-all duration-1000 md:w-40")} />
        )}
        <LoadingSpinner />
      </div>
@@ -1,6 +1,7 @@
 "use client";

-import { EyeIcon, LinkIcon, MoreVertical, SquarePenIcon, TrashIcon } from "lucide-react";
+import { useQueryClient } from "@tanstack/react-query";
+import { CopyIcon, EyeIcon, LinkIcon, MoreVertical, SquarePenIcon, TrashIcon } from "lucide-react";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
 import { useMemo, useState } from "react";
@@ -9,9 +10,12 @@ import { useTranslation } from "react-i18next";
 import { logger } from "@formbricks/logger";
 import { useWorkspace } from "@/app/(app)/workspaces/[workspaceId]/context/workspace-context";
 import { cn } from "@/lib/cn";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { getV3ApiErrorMessage } from "@/modules/api/lib/v3-client";
 import { EditPublicSurveyAlertDialog } from "@/modules/survey/components/edit-public-survey-alert-dialog";
 import { copySurveyLink } from "@/modules/survey/lib/client-utils";
+import { copySurveyToOtherWorkspaceAction } from "@/modules/survey/list/actions";
+import { surveyKeys } from "@/modules/survey/list/lib/query";
 import { TSurveyListItem } from "@/modules/survey/list/types/survey-overview";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import {
@@ -42,9 +46,11 @@ export const SurveyDropDownMenu = ({
  const { t } = useTranslation();
  const [isDeleteDialogOpen, setDeleteDialogOpen] = useState(false);
  const [loading, setLoading] = useState(false);
+  const [isDuplicating, setIsDuplicating] = useState(false);
  const [isDropDownOpen, setIsDropDownOpen] = useState(false);
  const [isCautionDialogOpen, setIsCautionDialogOpen] = useState(false);
  const router = useRouter();
+  const queryClient = useQueryClient();

  const editHref = `/workspaces/${workspace?.id}/surveys/${survey.id}/edit`;

@@ -85,6 +91,29 @@ export const SurveyDropDownMenu = ({
    setIsCautionDialogOpen(true);
  };

+  const handleDuplicateSurvey = async () => {
+    if (!workspace?.id) return;
+    setIsDuplicating(true);
+    setIsDropDownOpen(false);
+    try {
+      const response = await copySurveyToOtherWorkspaceAction({
+        surveyId: survey.id,
+        targetWorkspaceId: workspace.id,
+      });
+      if (response?.data) {
+        toast.success(t("workspace.surveys.survey_duplicated_successfully"));
+        await queryClient.invalidateQueries({ queryKey: surveyKeys.lists() });
+        return;
+      }
+      toast.error(getFormattedErrorMessage(response));
+    } catch (error) {
+      logger.error(error);
+      toast.error(t("common.something_went_wrong_please_try_again"));
+    } finally {
+      setIsDuplicating(false);
+    }
+  };
+
  if (!hasVisibleActions) {
    return null;
  }
@@ -120,6 +149,22 @@ export const SurveyDropDownMenu = ({
                </Link>
              </DropdownMenuItem>
            )}
+            {canManageSurvey && (
+              <DropdownMenuItem>
+                <button
+                  type="button"
+                  data-testid="duplicate-survey"
+                  className={cn("flex w-full items-center", isDuplicating && "cursor-not-allowed opacity-50")}
+                  disabled={isDuplicating}
+                  onClick={(e) => {
+                    e.preventDefault();
+                    void handleDuplicateSurvey();
+                  }}>
+                  <CopyIcon className="mr-2 size-4" />
+                  {t("common.duplicate")}
+                </button>
+              </DropdownMenuItem>
+            )}
            {canPreviewOrCopyLink && (
              <DropdownMenuItem>
                <button
@@ -26,17 +26,21 @@ export const RichTextTranslationInput = ({
 }: RichTextTranslationInputProps) => {
  const [firstRender, setFirstRender] = useState(true);
  const [editorKey, setEditorKey] = useState(0);
-  const prevDisabledRef = useRef(disabled);
+  // Separates external value changes (e.g. AI fill) from the editor's own write-back so we
+  // only remount for the former.
+  const lastWrittenRef = useRef(value);
+  // Suppresses Lexical's mount-time empty listener fire which would otherwise clobber an
+  // externally-applied value back to "".
+  const initialContentSetRef = useRef(false);

-  // Remount the editor when AI translation finishes (disabled transitions from true → false)
-  // so the editor picks up the externally populated value.
  useEffect(() => {
-    if (prevDisabledRef.current && !disabled) {
+    if (value !== lastWrittenRef.current) {
+      lastWrittenRef.current = value;
+      initialContentSetRef.current = false;
      setEditorKey((k) => k + 1);
      setFirstRender(true);
    }
-    prevDisabledRef.current = disabled;
-  }, [disabled]);
+  }, [value]);

  return (
    <div className={disabled ? "cursor-not-allowed rounded-md opacity-60" : "rounded-md"}>
@@ -47,7 +51,12 @@ export const RichTextTranslationInput = ({
        firstRender={firstRender}
        setFirstRender={setFirstRender}
        getText={() => md.render(value)}
-        setText={(v: string) => onChange(path, v)}
+        setText={(v: string) => {
+          if (!initialContentSetRef.current && v === "") return;
+          initialContentSetRef.current = true;
+          lastWrittenRef.current = v;
+          onChange(path, v);
+        }}
        localSurvey={localSurvey}
        elementId={elementId}
        selectedLanguageCode={languageCode}
@@ -46,7 +46,7 @@ const DropdownMenuSubContent: React.ComponentType<DropdownMenuPrimitive.Dropdown
    <DropdownMenuPrimitive.SubContent
      ref={ref as any}
      className={cn(
-        "animate-in slide-in-from-left-1 z-50 min-w-[8rem] overflow-hidden rounded-lg border border-slate-200 bg-white p-1 font-medium text-slate-600 shadow-sm hover:text-slate-700",
+        "z-50 min-w-[8rem] overflow-hidden rounded-lg border border-slate-200 bg-white p-1 font-medium text-slate-600 shadow-sm animate-in slide-in-from-left-1 hover:text-slate-700",
        className
      )}
      {...props}
@@ -67,7 +67,7 @@ const DropdownMenuContent: React.ComponentType<DropdownMenuPrimitive.DropdownMen
          ref={ref}
          sideOffset={sideOffset}
          className={cn(
-            "animate-in data-[side=right]:slide-in-from-left-2 data-[side=left]:slide-in-from-right-2 data-[side=bottom]:slide-in-from-top-2 data-[side=top]:slide-in-from-bottom-2 z-50 min-w-[8rem] overflow-hidden rounded-lg border border-slate-200 bg-white p-1 font-medium text-slate-700 shadow-sm",
+            "z-50 min-w-[8rem] overflow-hidden rounded-lg border border-slate-200 bg-white p-1 font-medium text-slate-700 shadow-sm animate-in data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
            className
          )}
          {...props}
@@ -5,9 +5,14 @@ import { useRouter } from "next/navigation";
 import { useTranslation } from "react-i18next";
 import { Button } from "@/modules/ui/components/button";

-export const GoBackButton = ({ url }: { url?: string }) => {
+interface GoBackButtonProps {
+  url?: string;
+}
+
+export const GoBackButton = ({ url }: Readonly<GoBackButtonProps>) => {
  const router = useRouter();
  const { t } = useTranslation();
+
  return (
    <Button
      size="sm"
@@ -17,6 +22,7 @@ export const GoBackButton = ({ url }: { url?: string }) => {
          router.push(url);
          return;
        }
+
        router.back();
      }}>
      <ArrowLeftIcon />
@@ -19,7 +19,7 @@ const PopoverContent: React.ForwardRefExoticComponent<
      align={align}
      sideOffset={sideOffset}
      className={cn(
-        "animate-in data-[side=bottom]:slide-in-from-top-2 data-[side=top]:slide-in-from-bottom-2 data-[side=right]:slide-in-from-left-2 data-[side=left]:slide-in-from-right-2 z-50 w-72 rounded-md border border-slate-100 bg-white p-4 shadow-md outline-none",
+        "z-50 w-72 rounded-md border border-slate-100 bg-white p-4 shadow-md outline-none animate-in data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
        className
      )}
      {...props}
@@ -23,7 +23,7 @@ const TooltipContent: React.ComponentType<TooltipPrimitive.TooltipContentProps>
      ref={ref}
      sideOffset={sideOffset}
      className={cn(
-        "animate-in fade-in-50 data-[side=bottom]:slide-in-from-top-1 data-[side=top]:slide-in-from-bottom-1 data-[side=left]:slide-in-from-right-1 data-[side=right]:slide-in-from-left-1 z-50 overflow-hidden rounded-md border border-slate-100 bg-white px-3 py-1.5 text-sm text-slate-700 shadow-md",
+        "z-50 overflow-hidden rounded-md border border-slate-100 bg-white px-3 py-1.5 text-sm text-slate-700 shadow-md animate-in fade-in-50 data-[side=bottom]:slide-in-from-top-1 data-[side=left]:slide-in-from-right-1 data-[side=right]:slide-in-from-left-1 data-[side=top]:slide-in-from-bottom-1",
        className
      )}
      {...props}
@@ -34,7 +34,6 @@ export const AppConnectionPage = async ({ params }: { params: Promise<{ workspac
              <IdBadge
                id={workspace.legacyEnvironmentId}
                label={t("workspace.app-connection.environment_id_legacy")}
-                copyDisabled
              />
            )}
            <IdBadge id={WEBAPP_URL} label={t("workspace.app-connection.webapp_url")} />
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Javi Aguilar	cb82ca7ff4	fix preact not supporting important in styles	2026-05-21 17:29:16 +02:00
Javi Aguilar	6ef5b48590	declare cva config outside	2026-05-21 17:09:13 +02:00
Javi Aguilar	fb4bf7ca6d	fix: back button not readable in dark backgrounds - fixes #7922	2026-05-21 16:28:31 +02:00
Javi Aguilar	11b4d34b79	refactor: allow arrays and falsy values in cn util	2026-05-21 16:27:51 +02:00
Johannes	c8b0bb2225	fix: reserve future contact keys and improve segment errors (ENG-1037, ENG-994) (#8101 ) Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-21 11:41:23 +00:00
Dhruwang Jariwala	f6aa27ba8c	fix: chart date range type switch + presets include today (ENG-1034, ENG-1035) (#8096 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-05-21 11:05:10 +00:00
Johannes	82765f7dd7	fix: allow enterprise oauth display names (#8099 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-21 10:59:35 +00:00
Dhruwang Jariwala	d5bbafcf90	fix: remount AI translation editor on value change, not disabled transition (#8084 )	2026-05-21 10:09:57 +00:00
Anshuman Pandey	db87a588b5	fix: adds close button on response error screen (#8093 )	2026-05-21 09:26:47 +00:00
Javi Aguilar	c834587c8d	chore: add typecheck command and fix format and type issues (#7999 )	2026-05-21 08:13:46 +00:00
Anshuman Pandey	ef18aacfa2	fix: fixes responseId client api issue with legacy environmentId (#8079 )	2026-05-21 06:15:27 +00:00
Dhruwang Jariwala	025a766c57	fix: show copy icon on legacy environmentId, reintroduce duplicate survey action (ENG-978, ENG-987) (#8061 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-21 05:21:33 +00:00
Bhagya Amarasinghe	f476db3128	fix: update Helm chart default image tag (#8072 )	2026-05-21 05:11:20 +00:00
Bhagya Amarasinghe	37023275ca	fix: require Cube API secret in compose (#8071 )	2026-05-21 05:07:57 +00:00
Bhagya Amarasinghe	9266f64588	fix: harden Helm env value rendering (#8070 )	2026-05-21 05:01:10 +00:00
Dhruwang Jariwala	032066194b	fix: render scheduled-plan-change description placeholders correctly (#8064 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-21 04:58:39 +00:00
Dhruwang Jariwala	0bef023302	fix: gate AI chart generation on smartTools, not dataAnalysis (ENG-1001) (#8060 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-21 04:53:42 +00:00
Dhruwang Jariwala	aa83ee336c	fix: route Manage Teams and integration OAuth callbacks to settings (ENG-988) (#8059 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-21 04:51:47 +00:00
Anshuman Pandey	4357f497a1	fix: sanitize CSV/XLSX exports against formula injection (#8045 )	2026-05-21 04:49:50 +00:00
Bhagya Amarasinghe	526c17af23	fix: wire Cube API secret into Helm defaults (#8068 )	2026-05-21 04:47:15 +00:00
Matti Nannt	a0ddadebad	fix: scope display contact lookup to workspace (ENG-818) (#8048 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-21 04:41:48 +00:00
Bhagya Amarasinghe	bc0d04f5e8	fix: staging AI chart Cube schema (#8057 )	2026-05-20 14:22:23 +00:00
Anshuman Pandey	f0967c2e23	fix: preserve legacy SDK shape with placeholder segment data (#8067 )	2026-05-20 16:21:13 +02:00
Johannes	13c9677edd	fix: correct settings sidebar back navigation behavior (#8052 ) Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-20 11:18:12 +00:00
Johannes	c0bf2ab7cc	fix: enforce billing-only settings access (#8053 ) Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-20 11:14:43 +00:00
Johannes	65d0f4ac0e	fix: add CSAT and CES summary filter icons (#8056 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-20 09:44:10 +00:00
Matti Nannt	655c0b5e47	fix: strip client-provided timestamps in client response API (ENG-828) (#8047 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-20 06:53:42 +00:00