fix: require Cube API secret in compose

fix: staging AI chart Cube schema (#8057 )
fix: preserve legacy SDK shape with placeholder segment data (#8067 )
2026-05-20 19:48:52 -05:00 · 2026-05-20 20:24:22 +05:30 · 2026-05-20 14:22:23 +00:00 · 2026-05-20 16:21:13 +02:00 · 2026-05-20 11:18:12 +00:00 · 2026-05-20 11:14:43 +00:00
24 changed files with 412 additions and 84 deletions
@@ -194,7 +194,7 @@ export const MainNavigation = ({
  const settingsNavigationItem = useMemo(
    () => ({
      name: t("common.settings"),
-      href: `/workspaces/${workspace.id}/settings`,
+      href: `/workspaces/${workspace.id}/settings/workspace/general`,
      icon: SettingsIcon,
      isActive: isSettingsMode,
      disabled: isMembershipPending || isBilling,
@@ -467,7 +467,7 @@ export const MainNavigation = ({
          {isSettingsMode ? (
            <div className="flex flex-col overflow-hidden">
              <div className="mb-2 px-3">
-                <GoBackButton />
+                <GoBackButton url={`/workspaces/${workspace.id}/surveys`} />
              </div>

              {/* Settings sidebar content */}
@@ -335,6 +335,7 @@ export const SettingsSidebarContent = ({
      href: `${basePath}/organization/feedback-directories`,
      icon: <FoldersIcon className={iconClassName} />,
      hidden: isMember,
+      disabled: !isOwnerOrManager,
    },
    {
      id: "org-api-keys",
@@ -373,12 +374,14 @@ export const SettingsSidebarContent = ({
      label: t("common.your_profile"),
      href: `${basePath}/account/profile`,
      icon: <UserCircleIcon className={iconClassName} />,
+      disabled: isBilling,
    },
    {
      id: "notifications",
      label: t("common.notifications"),
      href: `${basePath}/account/notifications`,
      icon: <BellIcon className={iconClassName} />,
+      disabled: isBilling,
    },
  ];

@@ -1,4 +1,11 @@
-const AccountSettingsLayout = (props: { children: React.ReactNode }) => {
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
+
+const AccountSettingsLayout = async (props: Readonly<{
+  params: Promise<{ workspaceId: string }>;
+  children: React.ReactNode;
+}>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  return <>{props.children}</>;
 };

@@ -0,0 +1,54 @@
+import { redirect } from "next/navigation";
+import { describe, expect, test, vi } from "vitest";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
+import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";
+import { redirectBillingRoleFromRestrictedSettings } from "./redirect-billing-role";
+
+const mocks = vi.hoisted(() => ({
+  getBillingFallbackPath: vi.fn(),
+  getWorkspaceAuth: vi.fn(),
+  isFormbricksCloud: false,
+}));
+
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: mocks.isFormbricksCloud,
+}));
+
+vi.mock("@/lib/membership/navigation", () => ({
+  getBillingFallbackPath: mocks.getBillingFallbackPath,
+}));
+
+vi.mock("@/modules/workspaces/lib/utils", () => ({
+  getWorkspaceAuth: mocks.getWorkspaceAuth,
+}));
+
+const workspaceId = "workspace-1";
+const billingFallbackPath = `/workspaces/${workspaceId}/settings/organization/billing`;
+
+const getWorkspaceAuthResponse = (isBilling: boolean) =>
+  ({
+    isBilling,
+  }) as Awaited<ReturnType<typeof getWorkspaceAuth>>;
+
+describe("redirectBillingRoleFromRestrictedSettings", () => {
+  test("does not redirect non-billing workspace members", async () => {
+    vi.mocked(getWorkspaceAuth).mockResolvedValue(getWorkspaceAuthResponse(false));
+
+    await expect(redirectBillingRoleFromRestrictedSettings(workspaceId)).resolves.toBeUndefined();
+
+    expect(getWorkspaceAuth).toHaveBeenCalledWith(workspaceId);
+    expect(getBillingFallbackPath).not.toHaveBeenCalled();
+    expect(redirect).not.toHaveBeenCalled();
+  });
+
+  test("redirects billing users to the billing fallback path", async () => {
+    vi.mocked(getWorkspaceAuth).mockResolvedValue(getWorkspaceAuthResponse(true));
+    vi.mocked(getBillingFallbackPath).mockReturnValue(billingFallbackPath);
+
+    await redirectBillingRoleFromRestrictedSettings(workspaceId);
+
+    expect(getWorkspaceAuth).toHaveBeenCalledWith(workspaceId);
+    expect(getBillingFallbackPath).toHaveBeenCalledWith(workspaceId, mocks.isFormbricksCloud);
+    expect(redirect).toHaveBeenCalledWith(billingFallbackPath);
+  });
+});
@@ -0,0 +1,12 @@
+import { redirect } from "next/navigation";
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
+import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";
+
+export const redirectBillingRoleFromRestrictedSettings = async (workspaceId: string): Promise<void> => {
+  const { isBilling } = await getWorkspaceAuth(workspaceId);
+
+  if (isBilling) {
+    redirect(getBillingFallbackPath(workspaceId, IS_FORMBRICKS_CLOUD));
+  }
+};
@@ -1,3 +1,11 @@
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { APIKeysPage } from "@/modules/organization/settings/api-keys/page";

-export default APIKeysPage;
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
+
+  return APIKeysPage(props);
+};
+
+export default Page;
@@ -1,3 +1,18 @@
+import { redirect } from "next/navigation";
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { PricingPage } from "@/modules/ee/billing/page";
+import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";

-export default PricingPage;
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  const { isBilling } = await getWorkspaceAuth(params.workspaceId);
+
+  if (isBilling && !IS_FORMBRICKS_CLOUD) {
+    redirect(getBillingFallbackPath(params.workspaceId, IS_FORMBRICKS_CLOUD));
+  }
+
+  return PricingPage(props);
+};
+
+export default Page;
@@ -1,6 +1,7 @@
 import { notFound } from "next/navigation";
 import { AuthenticationError } from "@formbricks/types/errors";
 import { SettingsCard } from "@/app/(app)/workspaces/[workspaceId]/settings/components/SettingsCard";
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { PrettyUrlsTable } from "@/app/(app)/workspaces/[workspaceId]/settings/organization/domain/components/pretty-urls-table";
 import { IS_FORMBRICKS_CLOUD, IS_STORAGE_CONFIGURED } from "@/lib/constants";
 import { getTranslate } from "@/lingodotdev/server";
@@ -12,8 +13,9 @@ import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  const t = await getTranslate();

  if (IS_FORMBRICKS_CLOUD) {
@@ -1,9 +1,10 @@
 import { CheckIcon } from "lucide-react";
 import Link from "next/link";
-import { notFound } from "next/navigation";
+import { notFound, redirect } from "next/navigation";
 import { EnterpriseLicenseFeaturesTable } from "@/app/(app)/workspaces/[workspaceId]/settings/organization/enterprise/components/EnterpriseLicenseFeaturesTable";
 import { EnterpriseLicenseStatus } from "@/app/(app)/workspaces/[workspaceId]/settings/organization/enterprise/components/EnterpriseLicenseStatus";
 import { ENTERPRISE_LICENSE_REQUEST_FORM_URL, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { getTranslate } from "@/lingodotdev/server";
 import { GRACE_PERIOD_MS, getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
 import { Button } from "@/modules/ui/components/button";
@@ -11,15 +12,19 @@ import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getWorkspaceAuth } from "@/modules/workspaces/lib/utils";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
  const t = await getTranslate();
+  const { isBilling, isMember } = await getWorkspaceAuth(params.workspaceId);
+
+  if (isBilling && IS_FORMBRICKS_CLOUD) {
+    redirect(getBillingFallbackPath(params.workspaceId, IS_FORMBRICKS_CLOUD));
+  }
+
  if (IS_FORMBRICKS_CLOUD) {
    return notFound();
  }

-  const { isMember } = await getWorkspaceAuth(params.workspaceId);
-
  const isPricingDisabled = isMember;

  if (isPricingDisabled) {
@@ -1 +1,11 @@
-export { FeedbackDirectoriesPage as default } from "@/modules/ee/feedback-directory/page";
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
+import { FeedbackDirectoriesPage } from "@/modules/ee/feedback-directory/page";
+
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
+
+  return FeedbackDirectoriesPage(props);
+};
+
+export default Page;
@@ -1,3 +1,4 @@
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { isInstanceAIConfigured } from "@/lib/ai/service";
 import {
  ENTERPRISE_LICENSE_REQUEST_FORM_URL,
@@ -26,8 +27,9 @@ import { DeleteOrganization } from "./components/DeleteOrganization";
 import { EditOrganizationNameForm } from "./components/EditOrganizationNameForm";
 import { SecurityListTip } from "./components/SecurityListTip";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  const t = await getTranslate();

  const { session, currentUserMembership, organization, isOwner, isManager } = await getWorkspaceAuth(
@@ -1,3 +1,11 @@
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";
 import { TeamsPage } from "@/modules/organization/settings/teams/page";

-export default TeamsPage;
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
+  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
+
+  return TeamsPage(props);
+};
+
+export default Page;
@@ -1,7 +1,9 @@
 import { redirect } from "next/navigation";
+import { redirectBillingRoleFromRestrictedSettings } from "@/app/(app)/workspaces/[workspaceId]/settings/lib/redirect-billing-role";

-const Page = async (props: { params: Promise<{ workspaceId: string }> }) => {
+const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }>) => {
  const params = await props.params;
+  await redirectBillingRoleFromRestrictedSettings(params.workspaceId);
  return redirect(`/workspaces/${params.workspaceId}/settings/workspace/general`);
 };

@@ -103,6 +103,7 @@ describe("getWorkspaceStateData", () => {
        id: workspaceId,
        appSetupCompleted: true,
        workspaceSettings: {
+          id: workspaceId,
          recontactDays: 30,
          clickOutsideClose: true,
          overlay: "none",
@@ -111,7 +112,14 @@ describe("getWorkspaceStateData", () => {
          styling: { allowStyleOverwrite: false },
        },
      },
-      surveys: mockWorkspaceData.surveys,
+      // `survey.name` is replaced with a back-compat placeholder; segment was
+      // null in the mock so the sanitized segment stays null.
+      surveys: [
+        {
+          ...mockWorkspaceData.surveys[0],
+          name: "[deprecated] survey name omitted from public API - will be removed soon",
+        },
+      ],
      actionClasses: mockWorkspaceData.actionClasses,
    });

@@ -211,6 +219,7 @@ describe("getWorkspaceStateData", () => {
    const result = await getWorkspaceStateData(workspaceId);

    expect(result.workspace.workspaceSettings).toEqual({
+      id: workspaceId,
      recontactDays: 14,
      clickOutsideClose: false,
      overlay: "dark",
@@ -42,6 +42,7 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
      where: { id: workspaceId },
      select: {
        id: true,
+        legacyEnvironmentId: true,
        appSetupCompleted: true,
        recontactDays: true,
        clickOutsideClose: true,
@@ -72,7 +73,9 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
          select: {
            id: true,
            welcomeCard: true,
-            // name intentionally omitted — internal label not needed by the SDK
+            // `name` deliberately not selected — internal label not needed by the
+            // SDK and replaced with a fixed placeholder below so older SDKs that
+            // decoded `Survey.name` as a required field keep working.
            questions: true,
            blocks: true,
            variables: true,
@@ -99,9 +102,9 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
            styling: true,
            status: true,
            recaptcha: true,
-            // Fetch only what's needed to compute the minimal segment shape.
-            // Titles, descriptions, and filter conditions are evaluated server-side
-            // and must not be sent to the browser.
+            // Only need to know if any filters exist so we can compute
+            // `hasFilters`. Real filter values, segment title/description, and
+            // surveys-list relation are never exposed to clients.
            segment: {
              select: {
                id: true,
@@ -135,17 +138,46 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
      throw new ResourceNotFoundError("workspace", workspaceId);
    }

-    // Transform surveys using the shared utility, then replace the segment with
-    // the minimal public shape (id + hasFilters). We null out segment before
-    // calling transformPrismaSurvey because that function expects a surveys[]
-    // relation on the segment object (used by the management API), which we
-    // intentionally don't fetch here.
+    // Backwards-compat response shape for SDKs from before PR #7931. Those
+    // clients decoded `survey.name` and the full `segment` object as required
+    // fields, so the response must still carry that shape — but every field
+    // that could leak sensitive targeting data is replaced with a placeholder.
+    // The actual segment-membership check happens server-side (segment IDs in
+    // POST /user); SDKs only inspect `filters.length` / `hasFilters` locally.
+    //
+    // `environmentId` mirrors `legacyEnvironmentId ?? workspace.id`, matching
+    // the `/me` endpoints' pattern so migrated workspaces keep returning the
+    // original env ID older clients persisted.
+    const legacyOrCurrentId = workspaceData.legacyEnvironmentId ?? workspaceData.id;
+    const placeholderDate = new Date(0);
+    const placeholderFilter = {
+      id: "placeholder",
+      connector: null,
+      resource: {
+        id: "placeholder",
+        root: { type: "device", deviceType: "phone" },
+        value: "deprecated",
+        qualifier: { operator: "equals" },
+      },
+    };
+
    const transformedSurveys = workspaceData.surveys.map((survey) => {
-      const minimalSegment = survey.segment
+      const realHasFilters =
+        Array.isArray(survey.segment?.filters) && (survey.segment.filters as unknown[]).length > 0;
+
+      const sanitizedSegment = survey.segment
        ? {
            id: survey.segment.id,
-            hasFilters:
-              Array.isArray(survey.segment.filters) && (survey.segment.filters as unknown[]).length > 0,
+            title: "[deprecated] segment title omitted from public API - will be removed soon",
+            description: null,
+            isPrivate: true,
+            filters: realHasFilters ? [placeholderFilter] : [],
+            environmentId: legacyOrCurrentId,
+            workspaceId: legacyOrCurrentId,
+            createdAt: placeholderDate,
+            updatedAt: placeholderDate,
+            surveys: [],
+            hasFilters: realHasFilters,
          }
        : null;

@@ -155,7 +187,11 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
        segment: null,
      });

-      return { ...transformed, segment: minimalSegment };
+      return {
+        ...transformed,
+        name: "[deprecated] survey name omitted from public API - will be removed soon",
+        segment: sanitizedSegment,
+      };
    });

    return {
@@ -163,6 +199,7 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
        id: workspaceData.id,
        appSetupCompleted: workspaceData.appSetupCompleted,
        workspaceSettings: {
+          id: workspaceData.id,
          recontactDays: workspaceData.recontactDays,
          clickOutsideClose: workspaceData.clickOutsideClose,
          overlay: workspaceData.overlay,
@@ -171,7 +208,11 @@ export const getWorkspaceStateData = async (workspaceId: string): Promise<Worksp
          styling: resolveStorageUrlsInObject(workspaceData.styling),
        },
      },
-      surveys: resolveStorageUrlsInObject(transformedSurveys),
+      // The runtime shape carries extra back-compat fields (placeholder
+      // segment, `hasFilters`, mirrored `environmentId`) that aren't part of
+      // the modern `TJsWorkspaceStateSurvey`. Cast through unknown — this is
+      // intentional and only this endpoint's response widens the type.
+      surveys: resolveStorageUrlsInObject(transformedSurveys) as unknown as TJsWorkspaceStateSurvey[],
      actionClasses: workspaceData.actionClasses,
    };
  } catch (error) {
@@ -104,7 +104,11 @@ export const createResponse = async (

    const ttc = initialTtc ? (finished ? calculateTtcTotal(initialTtc) : initialTtc) : {};

-    const prismaData = buildPrismaResponseData(responseInput, contact, ttc);
+    const prismaData = buildPrismaResponseData(
+      { ...responseInput, createdAt: undefined, updatedAt: undefined },
+      contact,
+      ttc
+    );

    const prismaClient = tx ?? prisma;

@@ -49,18 +49,7 @@ const buildPrismaResponseData = (
  contact: { id: string; attributes: TContactAttributes } | null,
  ttc: Record<string, number>
 ): Prisma.ResponseCreateInput => {
-  const {
-    surveyId,
-    displayId,
-    finished,
-    data,
-    language,
-    meta,
-    singleUseId,
-    variables,
-    createdAt,
-    updatedAt,
-  } = responseInput;
+  const { surveyId, displayId, finished, data, language, meta, singleUseId, variables } = responseInput;

  return {
    survey: {
@@ -84,8 +73,6 @@ const buildPrismaResponseData = (
    singleUseId,
    ...(variables && { variables }),
    ttc: ttc,
-    createdAt,
-    updatedAt,
  };
 };

@@ -1,3 +1,5 @@
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
 import { describe, expect, test } from "vitest";
 import {
  FEEDBACK_FIELDS,
@@ -6,6 +8,17 @@ import {
  getFilterOperatorsForType,
 } from "./schema-definition";

+const chartCubeSchemaPath = fileURLToPath(
+  new URL("../../../../../../charts/formbricks/cube/schema/FeedbackRecords.js", import.meta.url)
+);
+const dockerCubeSchemaPath = fileURLToPath(
+  new URL("../../../../../../docker/cube/schema/FeedbackRecords.js", import.meta.url)
+);
+
+const readChartCubeSchema = (): string => readFileSync(chartCubeSchemaPath, "utf8");
+const readDockerCubeSchema = (): string => readFileSync(dockerCubeSchemaPath, "utf8");
+const getCubeMemberName = (id: string): string => id.replace("FeedbackRecords.", "");
+
 describe("schema-definition", () => {
  describe("getFilterOperatorsForType", () => {
    test("returns string operators", () => {
@@ -94,5 +107,20 @@ describe("schema-definition", () => {
      );
      expect(ids).not.toContain("FeedbackRecords.averageScore");
    });
+
+    test("only exposes members present in the deployed Cube schema", () => {
+      const chartCubeSchema = readChartCubeSchema();
+      const exposedMembers = [...FEEDBACK_FIELDS.measures, ...FEEDBACK_FIELDS.dimensions].map(({ id }) =>
+        getCubeMemberName(id)
+      );
+
+      for (const member of exposedMembers) {
+        expect(chartCubeSchema).toContain(`    ${member}: {`);
+      }
+    });
+
+    test("keeps the Helm and Docker Cube schemas in sync", () => {
+      expect(readChartCubeSchema()).toBe(readDockerCubeSchema());
+    });
  });
 });
@@ -5,9 +5,14 @@ import { useRouter } from "next/navigation";
 import { useTranslation } from "react-i18next";
 import { Button } from "@/modules/ui/components/button";

-export const GoBackButton = ({ url }: { url?: string }) => {
+interface GoBackButtonProps {
+  url?: string;
+}
+
+export const GoBackButton = ({ url }: Readonly<GoBackButtonProps>) => {
  const router = useRouter();
  const { t } = useTranslation();
+
  return (
    <Button
      size="sm"
@@ -17,6 +22,7 @@ export const GoBackButton = ({ url }: { url?: string }) => {
          router.push(url);
          return;
        }
+
        router.back();
      }}>
      <ArrowLeftIcon />
@@ -9,46 +9,120 @@ cube(`FeedbackRecords`, {
      description: `Total number of feedback responses`,
    },

+    uniqueRespondents: {
+      type: `countDistinct`,
+      sql: `${CUBE}.user_id`,
+      description: `Number of unique users who provided feedback`,
+    },
+
+    uniqueResponses: {
+      type: `countDistinct`,
+      sql: `${CUBE}.submission_id`,
+      description: `Number of unique survey submissions (a submission can produce multiple feedback records)`,
+    },
+
    promoterCount: {
      type: `count`,
-      filters: [{ sql: `${CUBE}.value_number >= 9` }],
-      description: `Number of promoters (NPS score 9-10)`,
+      filters: [{ sql: `${CUBE}.field_type = 'nps' AND ${CUBE}.value_number >= 9` }],
+      description: `Number of NPS promoters (score 9-10)`,
    },

    detractorCount: {
      type: `count`,
-      filters: [{ sql: `${CUBE}.value_number >= 0 AND ${CUBE}.value_number <= 6` }],
-      description: `Number of detractors (NPS score 0-6)`,
+      filters: [{ sql: `${CUBE}.field_type = 'nps' AND ${CUBE}.value_number BETWEEN 0 AND 6` }],
+      description: `Number of NPS detractors (score 0-6)`,
    },

    passiveCount: {
      type: `count`,
-      filters: [{ sql: `${CUBE}.value_number >= 7 AND ${CUBE}.value_number <= 8` }],
-      description: `Number of passives (NPS score 7-8)`,
+      filters: [{ sql: `${CUBE}.field_type = 'nps' AND ${CUBE}.value_number BETWEEN 7 AND 8` }],
+      description: `Number of NPS passives (score 7-8)`,
    },

    npsScore: {
      type: `number`,
      sql: `
        CASE
-          WHEN COUNT(*) = 0 THEN 0
+          WHEN COUNT(CASE WHEN ${CUBE}.field_type = 'nps' AND ${CUBE}.value_number IS NOT NULL THEN 1 END) = 0 THEN NULL
          ELSE ROUND(
            (
-              (COUNT(CASE WHEN ${CUBE}.value_number >= 9 THEN 1 END)::numeric -
-               COUNT(CASE WHEN ${CUBE}.value_number >= 0 AND ${CUBE}.value_number <= 6 THEN 1 END)::numeric)
-              / COUNT(*)::numeric
+              (COUNT(CASE WHEN ${CUBE}.field_type = 'nps' AND ${CUBE}.value_number >= 9 THEN 1 END)::numeric -
+               COUNT(CASE WHEN ${CUBE}.field_type = 'nps' AND ${CUBE}.value_number BETWEEN 0 AND 6 THEN 1 END)::numeric)
+              / COUNT(CASE WHEN ${CUBE}.field_type = 'nps' AND ${CUBE}.value_number IS NOT NULL THEN 1 END)::numeric
            ) * 100,
            2
          )
        END
      `,
-      description: `Net Promoter Score: ((Promoters - Detractors) / Total) * 100`,
+      description: `Net Promoter Score: ((Promoters - Detractors) / Answered NPS responses) * 100. NULL when there are no answered NPS responses.`,
    },

-    averageScore: {
+    npsAverage: {
      type: `avg`,
      sql: `${CUBE}.value_number`,
-      description: `Average NPS score`,
+      filters: [{ sql: `${CUBE}.field_type = 'nps'` }],
+      description: `Average NPS rating (0-10)`,
+    },
+
+    csatCount: {
+      type: `count`,
+      filters: [{ sql: `${CUBE}.field_type = 'csat' AND ${CUBE}.value_number IS NOT NULL` }],
+      description: `Number of answered CSAT responses (dismissed responses excluded).`,
+    },
+
+    csatSatisfiedCount: {
+      type: `count`,
+      filters: [{ sql: `${CUBE}.field_type = 'csat' AND ${CUBE}.value_number >= 4` }],
+      description: `Number of satisfied CSAT responses (top-2-box on the 1-5 scale)`,
+    },
+
+    csatDissatisfiedCount: {
+      type: `count`,
+      filters: [{ sql: `${CUBE}.field_type = 'csat' AND ${CUBE}.value_number BETWEEN 1 AND 2` }],
+      description: `Number of dissatisfied CSAT responses (bottom-2-box on the 1-5 scale)`,
+    },
+
+    csatNeutralCount: {
+      type: `count`,
+      filters: [{ sql: `${CUBE}.field_type = 'csat' AND ${CUBE}.value_number = 3` }],
+      description: `Number of neutral CSAT responses (middle box on the 1-5 scale)`,
+    },
+
+    csatScore: {
+      type: `number`,
+      sql: `
+        CASE
+          WHEN COUNT(CASE WHEN ${CUBE}.field_type = 'csat' AND ${CUBE}.value_number IS NOT NULL THEN 1 END) = 0 THEN NULL
+          ELSE ROUND(
+            (
+              COUNT(CASE WHEN ${CUBE}.field_type = 'csat' AND ${CUBE}.value_number >= 4 THEN 1 END)::numeric
+              / COUNT(CASE WHEN ${CUBE}.field_type = 'csat' AND ${CUBE}.value_number IS NOT NULL THEN 1 END)::numeric
+            ) * 100,
+            2
+          )
+        END
+      `,
+      description: `CSAT Score: % of answered CSAT responses rated 4 or 5 (top-2-box on the 1-5 scale). NULL when there are no answered CSAT responses.`,
+    },
+
+    csatAverage: {
+      type: `avg`,
+      sql: `${CUBE}.value_number`,
+      filters: [{ sql: `${CUBE}.field_type = 'csat'` }],
+      description: `Average CSAT rating (1-5)`,
+    },
+
+    cesCount: {
+      type: `count`,
+      filters: [{ sql: `${CUBE}.field_type = 'ces' AND ${CUBE}.value_number IS NOT NULL` }],
+      description: `Number of answered CES responses (dismissed responses excluded).`,
+    },
+
+    cesAverage: {
+      type: `avg`,
+      sql: `${CUBE}.value_number`,
+      filters: [{ sql: `${CUBE}.field_type = 'ces'` }],
+      description: `Average CES rating (scale is 1-5 or 1-7 depending on the question)`,
    },
  },

@@ -77,22 +151,70 @@ cube(`FeedbackRecords`, {
      description: `Type of feedback field (e.g., nps, text, rating)`,
    },

+    fieldLabel: {
+      sql: `field_label`,
+      type: `string`,
+      description: `Human-readable label of the question/field (e.g., "How satisfied are you with support?")`,
+    },
+
+    fieldGroupLabel: {
+      sql: `field_group_label`,
+      type: `string`,
+      description: `Label of the parent composite question for matrix/ranking rows`,
+    },
+
+    language: {
+      sql: `language`,
+      type: `string`,
+      description: `Response language code (e.g., "en", "de"). NULL when language is "default".`,
+    },
+
    collectedAt: {
      sql: `collected_at`,
      type: `time`,
      description: `Timestamp when the feedback was collected`,
    },

-    npsValue: {
+    createdAt: {
+      sql: `created_at`,
+      type: `time`,
+      description: `Timestamp when the feedback record was created in Hub`,
+    },
+
+    updatedAt: {
+      sql: `updated_at`,
+      type: `time`,
+      description: `Timestamp when the feedback record was last updated in Hub`,
+    },
+
+    valueNumber: {
      sql: `value_number`,
      type: `number`,
-      description: `Raw NPS score value (0-10)`,
+      description: `Numeric answer value (NPS 0-10, CSAT 1-5, CES 1-5 or 1-7, rating, generic number). Pair with a fieldType filter to keep scales consistent.`,
+    },
+
+    valueText: {
+      sql: `value_text`,
+      type: `string`,
+      description: `Text answer value (open text, or the label of a multiple-choice / categorical answer). Pair with a fieldType filter to keep types consistent.`,
+    },
+
+    valueBoolean: {
+      sql: `value_boolean`,
+      type: `boolean`,
+      description: `Boolean answer value (yes/no questions). Pair with a fieldType filter.`,
+    },
+
+    valueDate: {
+      sql: `value_date`,
+      type: `time`,
+      description: `Date answer value (e.g., "preferred meeting date"). Pair with a fieldType filter.`,
    },

    responseId: {
-      sql: `response_id`,
+      sql: `submission_id`,
      type: `string`,
-      description: `Unique identifier linking related feedback records`,
+      description: `Unique identifier linking related feedback records (submission_id in Hub)`,
    },

    userId: {
@@ -33,7 +33,7 @@ That's it! After running the command and providing the required information, vis
 The stack includes the [Formbricks Hub](https://github.com/formbricks/hub) API (`ghcr.io/formbricks/hub`) and the bundled Cube service. Hub and Cube share the same database as Formbricks by default and both start as part of the baseline `docker compose up`.

 - **Migrations**: A `hub-migrate` service runs Hub's database migrations (goose + river) before the Hub API starts. It runs on every `docker compose up` and is idempotent.
- **Production** (`docker/docker-compose.yml`): Set `HUB_API_KEY` and `CUBEJS_API_SECRET` (both required). `HUB_API_URL` defaults to `http://hub:8080` and `CUBEJS_API_URL` defaults to `http://cube:4000` so the Formbricks app reaches Hub and Cube inside the compose network. Cube JWT issuer/audience default to `formbricks-web` and `formbricks-cube`, and the bundled Cube service exposes only `meta,data` API scopes. Override `HUB_DATABASE_URL` and `CUBEJS_DB_*` only if Hub or Cube should use a separate database. The Hub image tracks `:latest` by default so `formbricks.sh update` advances Hub in lockstep with the app. `hub` and `hub-migrate` always resolve to the same image. To pin to an immutable reference, set `HUB_IMAGE_REF` in `docker/.env` to either a tag (e.g. `:0.3.0`) or a digest (e.g. `@sha256:14db7b3d...`).
+- **Production** (`docker/docker-compose.yml`): Set `HUB_API_KEY` and `CUBEJS_API_SECRET` (both required). Run `docker compose config >/dev/null` after creating `.env`; it fails if either value is missing or empty. `HUB_API_URL` defaults to `http://hub:8080` and `CUBEJS_API_URL` defaults to `http://cube:4000` so the Formbricks app reaches Hub and Cube inside the compose network. Cube JWT issuer/audience default to `formbricks-web` and `formbricks-cube`, and the bundled Cube service exposes only `meta,data` API scopes. Override `HUB_DATABASE_URL` and `CUBEJS_DB_*` only if Hub or Cube should use a separate database. The Hub image tracks `:latest` by default so `formbricks.sh update` advances Hub in lockstep with the app. `hub` and `hub-migrate` always resolve to the same image. To pin to an immutable reference, set `HUB_IMAGE_REF` in `docker/.env` to either a tag (e.g. `:0.3.0`) or a digest (e.g. `@sha256:14db7b3d...`).
 - **Development** (`docker-compose.dev.yml`): Hub uses a dedicated local `hub` database and `HUB_API_KEY` defaults to `dev-api-key`. The dev stack starts `hub` plus `hub-worker`; set `EMBEDDING_PROVIDER`, `EMBEDDING_MODEL`, and any provider credentials in the repo root `.env` to enable Hub embeddings locally. See the [Hub embeddings environment reference](https://hub.formbricks.com/reference/environment-variables/#embeddings) for provider-specific values. Cube starts with the dev stack, `CUBEJS_API_URL` defaults to `http://localhost:4000`, and `pnpm dev:setup` generates `CUBEJS_API_SECRET` in the repo root `.env`. The Hub image is pinned to a semver tag (`hub`, `hub-worker`, and `hub-migrate` share the same value); override `HUB_IMAGE_TAG` in the repo root `.env` to test a specific Hub release.

 In development, Hub is exposed locally on port **8080** and Cube on **4000** (with the Cube playground on **4001**). In production Docker Compose, both stay internal to the compose network at `http://hub:8080` and `http://cube:4000`.
@@ -40,7 +40,7 @@ x-environment: &environment

    # Cube semantic-layer API used by Formbricks analytics. Required.
    CUBEJS_API_URL: ${CUBEJS_API_URL:-http://cube:4000}
-    CUBEJS_API_SECRET: ${CUBEJS_API_SECRET:-}
+    CUBEJS_API_SECRET: ${CUBEJS_API_SECRET:?CUBEJS_API_SECRET is required to run Cube}
    CUBEJS_JWT_ISSUER: ${CUBEJS_JWT_ISSUER:-formbricks-web}
    CUBEJS_JWT_AUDIENCE: ${CUBEJS_JWT_AUDIENCE:-formbricks-cube}

@@ -312,7 +312,7 @@ services:
      CUBEJS_DB_USER: ${CUBEJS_DB_USER:-postgres}
      CUBEJS_DB_PASS: ${CUBEJS_DB_PASS:-postgres}
      CUBEJS_DB_PORT: ${CUBEJS_DB_PORT:-5432}
-      CUBEJS_API_SECRET: ${CUBEJS_API_SECRET:-}
+      CUBEJS_API_SECRET: ${CUBEJS_API_SECRET:?CUBEJS_API_SECRET is required to run Cube}
      CUBEJS_JWT_ISSUER: ${CUBEJS_JWT_ISSUER:-formbricks-web}
      CUBEJS_JWT_AUDIENCE: ${CUBEJS_JWT_AUDIENCE:-formbricks-cube}
      CUBEJS_DEFAULT_API_SCOPES: meta,data
@@ -18,8 +18,8 @@ Make sure Docker and Docker Compose are installed on your system. These are usua
 <Info>
  Starting with Formbricks v5, the production Docker Compose stack includes Formbricks Hub and Cube as part of
  the baseline. Generate `HUB_API_KEY` and `CUBEJS_API_SECRET` during setup, keep `HUB_API_URL` at its
-  internal default unless Hub runs elsewhere, and use the [migration guide](/self-hosting/advanced/migration#v5)
-  when upgrading an existing 4.x instance.
+  internal default unless Hub runs elsewhere, and use the [migration
+  guide](/self-hosting/advanced/migration#v5) when upgrading an existing 4.x instance.
 </Info>

 ## Start
@@ -56,6 +56,16 @@ Make sure Docker and Docker Compose are installed on your system. These are usua
   EOF
   ```

+1. **Validate the Docker Compose Configuration**
+
+   Confirm Docker Compose can resolve the required Hub and Cube variables before starting the stack:
+
+   ```bash
+   docker compose config >/dev/null
+   ```
+
+   This command fails if `HUB_API_KEY` or `CUBEJS_API_SECRET` is missing or empty in `.env`.
+
 1. **Generate NextAuth Secret**

   You need a NextAuth secret for session signing and encryption. Run one of the commands below based on your operating system:
@@ -122,8 +132,8 @@ Make sure Docker and Docker Compose are installed on your system. These are usua

   <Info>
     The bundled production stack already sets <code>HUB_API_URL</code> to <code>http://hub:8080</code>. Only
-     change that value if your Formbricks app needs to reach Hub at a different address. If your deployment also
-     resolves Compose variables from a shell environment or <code>.env</code> file, keep the same
+     change that value if your Formbricks app needs to reach Hub at a different address. If your deployment
+     also resolves Compose variables from a shell environment or <code>.env</code> file, keep the same
     <code>HUB_API_KEY</code> available there as well.
   </Info>

@@ -143,8 +153,8 @@ Make sure Docker and Docker Compose are installed on your system. These are usua
   Once the setup is running, open [**http://localhost:3000**](http://localhost:3000) in your browser to access Formbricks. The first time you visit, you'll see a setup wizard. Follow the steps to create your first user and start using Formbricks.

 <Note>
-  The bundled Docker stack keeps Formbricks Hub and Cube internal to the compose network. The app reaches
-  them through `http://hub:8080` and `http://cube:4000`.
+  The bundled Docker stack keeps Formbricks Hub and Cube internal to the compose network. The app reaches them
+  through `http://hub:8080` and `http://cube:4000`.
 </Note>

 <Info>
@@ -1,14 +1,13 @@
 import { z } from "zod";
 import { ZActionClass } from "./action-classes";
 import { ZId } from "./common";
-import { ZJsWorkspaceStateSegment } from "./segment";
 import { ZUploadFileConfig } from "./storage";
 import { ZSurveyBase, surveyRefinement } from "./surveys/types";
 import { ZWorkspace } from "./workspace";

 export const ZJsWorkspaceStateSurvey = ZSurveyBase.pick({
  id: true,
-  // name intentionally omitted — internal label, not needed by SDK
+  name: true,
  welcomeCard: true,
  questions: true,
  blocks: true,
@@ -20,7 +19,7 @@ export const ZJsWorkspaceStateSurvey = ZSurveyBase.pick({
  autoClose: true,
  styling: true,
  status: true,
-  // segment intentionally omitted from pick — replaced with minimal shape below
+  segment: true,
  recontactDays: true,
  displayLimit: true,
  displayOption: true,
@@ -32,16 +31,9 @@ export const ZJsWorkspaceStateSurvey = ZSurveyBase.pick({
  isBackButtonHidden: true,
  isAutoProgressingEnabled: true,
  recaptcha: true,
-})
-  .extend({
-    // Only expose what the SDK needs: segment ID for membership check + whether any filters exist.
-    // Full filter logic (titles, descriptions, conditions) is evaluated server-side and must not
-    // be sent to the browser to avoid leaking sensitive targeting data.
-    segment: ZJsWorkspaceStateSegment.nullable(),
-  })
-  .superRefine((survey, ctx) => {
-    surveyRefinement(survey as z.infer<typeof ZSurveyBase>, ctx);
-  });
+}).superRefine((survey, ctx) => {
+  surveyRefinement(survey as z.infer<typeof ZSurveyBase>, ctx);
+});

 export type TJsWorkspaceStateSurvey = z.infer<typeof ZJsWorkspaceStateSurvey>;

@@ -56,6 +48,7 @@ export const ZJsWorkspaceStateActionClass = ZActionClass.pick({
 export type TJsWorkspaceStateActionClass = z.infer<typeof ZJsWorkspaceStateActionClass>;

 export const ZJsWorkspaceStateWorkspaceSetting = ZWorkspace.pick({
+  id: true,
  recontactDays: true,
  clickOutsideClose: true,
  overlay: true,
Author	SHA1	Message	Date
Bhagya Amarasinghe	a9821dcd93	fix: require Cube API secret in compose	2026-05-20 20:24:22 +05:30
Bhagya Amarasinghe	bc0d04f5e8	fix: staging AI chart Cube schema (#8057 )	2026-05-20 14:22:23 +00:00
Anshuman Pandey	f0967c2e23	fix: preserve legacy SDK shape with placeholder segment data (#8067 )	2026-05-20 16:21:13 +02:00
Johannes	13c9677edd	fix: correct settings sidebar back navigation behavior (#8052 ) Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-20 11:18:12 +00:00
Johannes	c0bf2ab7cc	fix: enforce billing-only settings access (#8053 ) Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-20 11:14:43 +00:00
Johannes	65d0f4ac0e	fix: add CSAT and CES summary filter icons (#8056 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-05-20 09:44:10 +00:00
Matti Nannt	655c0b5e47	fix: strip client-provided timestamps in client response API (ENG-828) (#8047 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-20 06:53:42 +00:00