A feature-level read of formbricks/formbricks — what the codebase actually contains, where its defect risk concentrates, and what to do about it. Derived from 365 days of git history.
[DRAFT — operator writes the verdict here after the verification pass.]
Overall feature health averages 73.1/100 — the 56th percentile of our 43-repo open-source benchmark corpus (median 69). The historical bug-fix ratio of 40% sits above the corpus median (39%).
[Key-risk cards appear here once curated.]
The engine grouped 2,243 files into 39 customer-facing product features. The 5 busiest — where the engineering actually went:
| Product feature | Commits | Bug-fix ratio | Health |
|---|---|---|---|
| Shared Platform | 655 | 41% (271/655) | 87 |
| Drag-and-Drop Survey Builder | 312 | 53% (164/312) | 62 |
| Entitlement & License Enforcement | 124 | 47% (58/124) | 60 |
| Email & Password Authentication | 114 | 22% (25/114) | 93 |
| Environment Tagging | 64 | 23% (15/64) | 82 |
DRAFT: rows below are engine output ranked by composite risk — verify, edit or drop each one in the Audit Studio before delivery. Rework = lines rewritten within 28 days of landing.
| # | Feature | Health | Bug-fix ratio | Rework | Why it matters | Status |
|---|---|---|---|---|---|---|
| 1 | Notion Integration Sync survey responses into Notion databases via field mapping. |
25 | 57% (4/7) | 8% (68/895) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 2 | Airtable Integration Connect surveys to Airtable bases to auto-populate records with responses. |
35 | 50% (3/6) | 8% (68/873) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 3 | Drag-and-Drop Survey Builder Visual editor for creating and editing surveys with 25+ question types (open text, multiple choice, rating, NPS, consent, address, CTA, matrix, ranking, and more). |
62 | 53% (164/312) | 7% (1350/20665) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 4 | Survey Email Notifications Automated email follow-ups to respondents and alerts to team members on new responses. |
56 | 47% (20/43) | 2% (29/1279) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 5 | Entitlement & License Enforcement Check feature entitlements and enterprise license guards to gate premium capabilities. |
60 | 47% (58/124) | 4% (390/8991) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 6 | Organization Settings & Administration Manage organization name, AI toggles, deletion, and general org configuration. |
59 | 45% (26/58) | 8% (125/1625) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 7 | Slack Integration Send real-time survey response notifications to Slack channels. |
51 | 43% (3/7) | 9% (68/768) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 8 | Google Sheets Integration Two-way sync of survey responses into Google Sheets. |
53 | 56% (5/9) | 10% (71/743) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 9 | In-App Survey JS SDK JavaScript/TypeScript SDK enabling developers to embed and trigger targeted in-app surveys from their web apps. |
61 | 42% (15/36) | 3% (10/325) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
| 10 | Billing Confirmation Post-checkout confirmation page acknowledging successful billing/plan changes. |
54 | 40% (2/5) | 28% (10/36) | Lowest-health tier of the codebase — every change here is high-risk | unverified |
Files with the heaviest bug-fix history. Bar length = bug-fix commits; the ratio shows fixes as a share of all commits to that file.
Where bugs are born, not where they are fixed — each bug-fix commit traced back through blame to the commit that introduced the defective lines (SZZ). 608 fixes analyzed, 426 attributed (30% unattributable — mostly purely-additive fixes). 12% of defect-introducing commits are AI-authored.
| Feature | Introduction rate | Defect half-life | Born here, fixed elsewhere | AI / human introducers |
|---|---|---|---|---|
| Shared Platform | 26% (210/793) | 39d | — | 27 / 199 |
| Email & Password Authentication | 26% (204/773) | 38d | — | 26 / 193 |
| Survey Response Collection & Inbox | 24% (31/128) | 54d | 8% | 2 / 31 |
| Entitlement & License Enforcement | 22% (28/125) | 36d | 2% | 3 / 26 |
| Survey Share & Embed Options | 22% (22/102) | 55d | — | 0 / 25 |
| Survey Results Summary & Analysis | 21% (20/94) | 77d | 11% | 1 / 21 |
| Drag-and-Drop Survey Builder | 18% (73/410) | 63d | — | 7 / 72 |
| Survey Localization (i18n) | 17% (33/196) | 64d | — | 5 / 30 |
Half-life = median days a defect lived before its fix. Introduction rate = in-window introducing commits / commits touching the feature.
Feature pairs that increasingly change together (quarterly co-change Jaccard) — boundaries that are dissolving, with the files where they leak.
| Rising pair | Coupling series | Where it leaks |
|---|---|---|
| File Storage Management × Subscription Billing & Plans | 0.00 → 0.00 → 0.20 → 0.18 | billing/actions.ts lib/organization-billing.ts |
| Entitlement & License Enforcement × File Storage Management | 0.09 → 0.04 → 0.16 → 0.11 | billing/actions.ts lib/organization-billing.ts |
| Drag-and-Drop Survey Builder × Entitlement & License Enforcement | 0.05 → 0.07 → 0.08 → 0.10 | billing/actions.ts components/pricing-table.tsx |
| Drag-and-Drop Survey Builder × Multi-Project Workspace Management | 0.04 → 0.07 → 0.12 → 0.04 | components/theme-styling.tsx components/styling-view.tsx |
| Drag-and-Drop Survey Builder × Public Management API (v1/v2/v3) | 0.06 → 0.00 → 0.01 → 0.07 | lib/api-wrapper.ts surveys/serializers.ts |
Improving boundaries: Survey Results Summary & Analysis × Survey Share & Embed Options (0.39 → 0.06 → 0.11 → 0.00); Survey Response Collection & Inbox × Survey Share & Embed Options (0.33 → 0.00 → 0.10 → 0.00); AI-Powered Response Analysis × Survey Results Summary & Analysis (0.27 → 0.07 → 0.06 → 0.04) — refactoring that is visibly working.
No product feature with ≥10 commits depends on a single human owner.
| Feature | Orphaned | Lines | Departed owners |
|---|---|---|---|
| Action Class Triggers | 43.9% | 763 | Victor Hugo dos Santos (332 lines, last 2025-10-17), Piyush Gupta (3 lines, last 2025-10-01) |
| SAML SSO (Enterprise) | 40.1% | 496 | Victor Hugo dos Santos (199 lines, last 2025-10-17) |
| Survey Look & Feel Customization | 17.6% | 2,979 | Theodór Tómas (433 lines, last 2026-02-26), Victor Hugo dos Santos (72 lines, last 2025-10-17) |
| Survey Response Collection & Inbox | 12.5% | 4,057 | Piyush Gupta (303 lines, last 2025-10-01), Victor Hugo dos Santos (163 lines, last 2025-10-17) |
| Public Management API (v1/v2/v3) | 11.0% | 4,576 | Victor Hugo dos Santos (433 lines, last 2025-10-17), Piyush Gupta (55 lines, last 2025-10-01) |
| User Account Profile & Security | 10.4% | 2,222 | Victor Hugo dos Santos (170 lines, last 2025-10-17), Jakob Schott (53 lines, last 2025-10-06) |
| Team & Member Management | 9.8% | 4,731 | Victor Hugo dos Santos (284 lines, last 2025-10-17), Jakob Schott (107 lines, last 2025-10-06) |
| Survey Link Sharing | 8.8% | 867 | Victor Hugo dos Santos (76 lines, last 2025-10-17) |
How much human scrutiny merged code received — the leading indicator that bug-fix ratio lags by a quarter. 993 merged PRs analyzed (capped), 9 bot PRs excluded; rubber-stamp threshold 1 min.
Repo overall: self-merged 2% (17/983) · unreviewed 2% (24/983) · rubber-stamped 2% (24/983) · time-to-review median 5h
| Feature | PRs | Self-merged | Unreviewed | Rubber-stamp | TTR | Reviewer Gini |
|---|---|---|---|---|---|---|
| Shared Platform | 781 | 2% (14/781) | 2% (19/781) | 2% (17/781) | 7.1h | 0.51 |
| Email & Password Authentication | 753 | 2% (13/753) | 2% (18/753) | 2% (16/753) | 7h | 0.50 |
| Drag-and-Drop Survey Builder | 392 | 2% (6/392) | 2% (9/392) | 2% (9/392) | 8.2h | 0.52 |
| Survey Localization (i18n) | 191 | 1% (2/191) | 2% (3/191) | 2% (3/191) | 5.6h | 0.49 |
| File Storage Management | 153 | 1% (2/153) | 3% (4/153) | 3% (5/153) | 16.7h | 0.49 |
| Environment Tagging | 152 | 1% (1/152) | 3% (4/152) | 3% (5/152) | 18.6h | 0.49 |
| Webhook Integrations | 151 | 1% (1/151) | 1% (2/151) | 3% (4/151) | 11.7h | 0.51 |
| Contact & Attribute Management | 147 | 1% (1/147) | 1% (2/147) | 2% (3/147) | 16.4h | 0.49 |
Licenses: 2342 permissive · 29 weak-copyleft · 0 strong-copyleft · 1 network-copyleft (AGPL-class) · 7 unknown. Known vulnerabilities (runtime): 0 critical · 0 high · 0 medium · 1 low.
| Flagged license | License | Reach | Imported by |
|---|---|---|---|
| ua-parser-js@2.0.10 | AGPL-3.0-or-later | direct | — |
| @vercel/style-guide@6.0.0 | MPL-2.0 | direct | — |
| @img/sharp-libvips-darwin-arm64@1.2.4 | LGPL-3.0-or-later | transitive | AI-Powered Response Analysis, Action Class Triggers, Airtable Integration |
| @img/sharp-libvips-darwin-x64@1.2.4 | LGPL-3.0-or-later | transitive | AI-Powered Response Analysis, Action Class Triggers, Airtable Integration |
| @img/sharp-libvips-linux-arm@1.2.4 | LGPL-3.0-or-later | transitive | AI-Powered Response Analysis, Action Class Triggers, Airtable Integration |
| @img/sharp-libvips-linux-arm64@1.2.4 | LGPL-3.0-or-later | transitive | AI-Powered Response Analysis, Action Class Triggers, Airtable Integration |
| @img/sharp-libvips-linux-ppc64@1.2.4 | LGPL-3.0-or-later | transitive | AI-Powered Response Analysis, Action Class Triggers, Airtable Integration |
| @img/sharp-libvips-linux-riscv64@1.2.4 | LGPL-3.0-or-later | transitive | AI-Powered Response Analysis, Action Class Triggers, Airtable Integration |
| Advisory | Package | Severity | Fixed in | Reaches |
|---|---|---|---|---|
| GHSA-vpq2-c234-7xj6 | @tootallnate/once | low | 3.0.1 | Entitlement & License Enforcement (transitive) |
54 user flows: 7 covered by e2e, 2 integration-only, 45 untested at journey level. e2e coverage is observed directly — end-to-end specs name the routes they visit; this is a stated lower bound (93 navigations unresolved).
| User flow | Class | Routes hit | Integration reach |
|---|---|---|---|
| Accept organization invite | untested | 0/0 | 0% |
| Answer survey questions by type | untested | 0/0 | 1% |
| Authenticate via SAML SSO | untested | 0/0 | 0% |
| Authorize and complete SAML flow | untested | 0/13 | 3% |
| Browse and use survey templates | untested | 0/2 | 5% |
| Build and edit surveys visually | untested | 0/3 | 1% |
| Cache environment and API data | untested | 0/0 | 0% |
| Call management API (v1/v2/v3) | untested | 0/13 | 3% |
| Change email address | untested | 0/1 | — |
| Check feature entitlements | untested | 0/0 | 2% |
The engine reconstructed 54 user journeys from 558 code flows and 127 routes — the full list ships as an appendix. A sample:
| Accept organization invite | Answer survey questions by type |
| Authenticate via SAML SSO | Authorize and complete SAML flow |
| Browse and filter survey responses | Browse and use survey templates |
| Build and edit surveys visually | Cache environment and API data |
Use: onboarding map for new engineers, scope checklist for QA, and the join key for mapping production analytics onto features.
[DRAFT — recommendations are written by the auditor from the verified register.]
The evidence behind the risk register: bug-fix commits per feature, classified with the same detector the engine uses (so the appendix corroborates the numbers above). Newest first, capped per feature.
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| 1556802f6 | 2026-06-24 | fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327) |
| e0973eae7 | 2026-06-24 | fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329) |
| 0d71c35a6 | 2026-06-23 | fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| d066d2386 | 2026-05-26 | fix: bind storage uploads to survey elements (#8044) |
| e9a14785d | 2026-05-25 | fix: add CSRF protection to integration OAuth flows (#8041) |
| d757e12c7 | 2026-05-22 | fix: return 404 when response is deleted mid-update (#8049) |
| e2bf79ce6 | 2026-05-18 | fix: harden storage presigned URL issuance (#8021) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| ef96426ca | 2026-04-24 | chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801) |
| cb58cf582 | 2026-03-12 | fix: restrict selected entitlements during trial (#7456) |
| cb41e2d34 | 2026-03-11 | fix: sets apps/web TS strict check to true (#7451) |
| 6ae1fa06b | 2026-07-02 | fix: include missed language translation strings (#7998) |
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| fc93a74b2 | 2026-06-26 | fix(surveys): allow pinch-zoom on mobile link surveys (WCAG 1.4.4) [ENG-1294] (#8358) |
| 99c8da5c3 | 2026-06-25 | fix(a11y): submit button steals keyboard tab order on every survey (#8356) |
| a1fe0b04d | 2026-06-22 | fix: restore backward compatibility for older mobile SDKs on the v5 client API (#8322) |
| a8310691a | 2026-06-18 | fix: stub @formbricks/survey-ui/styles?inline during vitest runs (#8271) |
| 143acb278 | 2026-06-17 | fix(follow-ups): pass explicit locale to getTranslate in worker (#8291) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| b4ae38018 | 2026-06-16 | fix: create survey button overflows card boundary on survey creation page (#8295) |
| e265db605 | 2026-06-12 | fix: allow conditional logic on CTA questions without external link (#8270) |
| 0cc5386d4 | 2026-06-10 | fix: show failing env vars in validation errors (#8245) |
| 197d73875 | 2026-06-10 | fix: "Add logo" link 404 [ENG-1281] (#8251) |
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| 2cadb5375 | 2026-06-16 | fix: restore Manage billing details button for custom and scale plans [ENG-1330] (#8287) |
| ddfe830bd | 2026-06-08 | fix: all upgrade plan related issues from user research (#8241) |
| 6a21f3fb4 | 2026-06-02 | fix(security): scope getDistinctAttributeValuesAction to the attribute key's workspace (ENG-1115) (#8202) |
| 5491b3b6e | 2026-05-28 | fix: contacts csv semicolon delimeter fix (#8172) |
| b97e1b8cd | 2026-05-27 | fix: fixes survey card scroll position and segment modal width (#8143) |
| a7da62c6f | 2026-05-26 | fix: unify upgrade UI in settings (#8050) |
| 6d0884439 | 2026-05-25 | fix: clean up setTimeout schedules in contact-attribute effects (#8126) |
| af7e39422 | 2026-05-25 | fix: add missing JSX key props in segment-filter SelectItem lists (#8124) |
| 64ae6e1d8 | 2026-05-25 | fix: remove invalid placeholder ARIA roles from membership role controls (#8125) |
| 67e90b4a0 | 2026-05-25 | fix: move SAML jackson opts out of module scope into init() (#8131) |
| a878bdff4 | 2026-05-22 | fix: limit JSON request body size (#8051) |
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| 1556802f6 | 2026-06-24 | fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327) |
| e0973eae7 | 2026-06-24 | fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329) |
| 0d71c35a6 | 2026-06-23 | fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| d066d2386 | 2026-05-26 | fix: bind storage uploads to survey elements (#8044) |
| e9a14785d | 2026-05-25 | fix: add CSRF protection to integration OAuth flows (#8041) |
| e2bf79ce6 | 2026-05-18 | fix: harden storage presigned URL issuance (#8021) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| 1380c81bf | 2026-05-13 | fix: patch security dependency vulnerabilities for main (#7990) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| d757e12c7 | 2026-05-22 | fix: return 404 when response is deleted mid-update (#8049) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| efe259d48 | 2026-05-14 | fix: fixes displays and responses api about survey status (#8007) |
| 676e31c43 | 2026-05-13 | fix: scope org-only v1 API key auth (#7961) |
| 103775b3b | 2026-05-13 | fix: validate contact_id (#7984) |
| 5fae207cd | 2026-04-30 | fix: duplicate action class name error (#7919) |
| e6e9419b9 | 2026-04-28 | fix: require step-up authorization for account deletion (#7901) |
| ef96426ca | 2026-04-24 | chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801) |
| 735a9f84e | 2026-04-02 | fix: harden api error reporting for v2/v1 Sentry observability (#7633) |
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| 1556802f6 | 2026-06-24 | fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327) |
| e0973eae7 | 2026-06-24 | fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329) |
| 0d71c35a6 | 2026-06-23 | fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| d066d2386 | 2026-05-26 | fix: bind storage uploads to survey elements (#8044) |
| e9a14785d | 2026-05-25 | fix: add CSRF protection to integration OAuth flows (#8041) |
| d757e12c7 | 2026-05-22 | fix: return 404 when response is deleted mid-update (#8049) |
| e2bf79ce6 | 2026-05-18 | fix: harden storage presigned URL issuance (#8021) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| 1556802f6 | 2026-06-24 | fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327) |
| e0973eae7 | 2026-06-24 | fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329) |
| 0d71c35a6 | 2026-06-23 | fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| b429ece88 | 2026-06-15 | fix: always suggest white card background on Suggest colors (#8284) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| 1380c81bf | 2026-05-13 | fix: patch security dependency vulnerabilities for main (#7990) |
| 69ead9796 | 2026-05-08 | fix: sso account deletion password check (#7930) |
| d10349949 | 2026-05-06 | fix(security): strip sensitive survey and segment metadata from public client API (#7931) |
| 84cb2727c | 2026-07-02 | fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370) |
| 1556802f6 | 2026-06-24 | fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327) |
| e0973eae7 | 2026-06-24 | fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329) |
| 0d71c35a6 | 2026-06-23 | fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328) |
| 99180e110 | 2026-06-16 | fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| d066d2386 | 2026-05-26 | fix: bind storage uploads to survey elements (#8044) |
| e9a14785d | 2026-05-25 | fix: add CSRF protection to integration OAuth flows (#8041) |
| d757e12c7 | 2026-05-22 | fix: return 404 when response is deleted mid-update (#8049) |
| e2bf79ce6 | 2026-05-18 | fix: harden storage presigned URL issuance (#8021) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| 1c6bf3d19 | 2026-06-10 | fix: rating and CSAT smiley misaligned in single response card (#8252) |
| 4f8fe4466 | 2026-05-29 | fix: fixes ces rating question's email embed UI (#8180) |
| af6023b5a | 2026-05-27 | fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094) |
| af51414b0 | 2026-05-21 | fix: remove isAIDataAnalysisEnabled (ENG-1039) (#8109) |
| c286a3330 | 2026-05-15 | fix: rate limit storage uploads per environment (#8006) |
| ce68d58aa | 2026-05-15 | fix: scope client API rate limits by environment (#8013) |
| 96b08fbe2 | 2026-05-14 | fix: single-use survey restriction bypass (#7972) |
| fae00f6a8 | 2026-05-04 | fix: outlook preview (#7803) |
| e6e9419b9 | 2026-04-28 | fix: require step-up authorization for account deletion (#7901) |
| ef96426ca | 2026-04-24 | chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801) |
| 6c4342690 | 2026-04-22 | fix: harden legacy SSO relinking (#7755) |
| 6da4c6f35 | 2026-03-24 | fix: proper errors server side when resources are not found (#7571) |