DYNVO · CODEBASE AUDIT
SAMPLE · REAL DATA, PUBLIC OSS REPO · CLAIMS UNVERIFIED

Codebase Audit — formbricks

A feature-level read of formbricks/formbricks — what the codebase actually contains, where its defect risk concentrates, and what to do about it. Derived from 365 days of git history.

Repository
formbricks/formbricks
History window
365 days · 720 commits
Stack
js-generic
Scan date
2026-07-02
Prepared by
Dynvo · dynvo.ai
01

Executive summary

[DRAFT — operator writes the verdict here after the verification pass.]

Overall feature health averages 73.1/100 — the 56th percentile of our 43-repo open-source benchmark corpus (median 69). The historical bug-fix ratio of 40% sits above the corpus median (39%).

[Key-risk cards appear here once curated.]

02

Codebase snapshot

2,243
Files
127
API routes
176
Dev features
→ 39 product features
54
User flows
558 code flows
44
Contributors
10%
AI-authored
line-weighted share (lower bound)
03

The feature map

The engine grouped 2,243 files into 39 customer-facing product features. The 5 busiest — where the engineering actually went:

Product featureCommitsBug-fix ratioHealth
Shared Platform655 41% (271/655)87
Drag-and-Drop Survey Builder312 53% (164/312)62
Entitlement & License Enforcement124 47% (58/124)60
Email & Password Authentication114 22% (25/114)93
Environment Tagging64 23% (15/64)82

Health distribution — 39 product features

1
20s
1
30s
5
50s
7
60s
11
70s
10
80s
4
90s
Benchmark: mean feature health 73.1 places this repo at the 56th percentile of Dynvo's 43-repo OSS corpus (median 69).
04

Risk register — top 10

DRAFT: rows below are engine output ranked by composite risk — verify, edit or drop each one in the Audit Studio before delivery. Rework = lines rewritten within 28 days of landing.

#FeatureHealthBug-fix ratioReworkWhy it mattersStatus
1 Notion Integration
Sync survey responses into Notion databases via field mapping.
25 57% (4/7) 8% (68/895) Lowest-health tier of the codebase — every change here is high-riskunverified
2 Airtable Integration
Connect surveys to Airtable bases to auto-populate records with responses.
35 50% (3/6) 8% (68/873) Lowest-health tier of the codebase — every change here is high-riskunverified
3 Drag-and-Drop Survey Builder
Visual editor for creating and editing surveys with 25+ question types (open text, multiple choice, rating, NPS, consent, address, CTA, matrix, ranking, and more).
62 53% (164/312) 7% (1350/20665) Lowest-health tier of the codebase — every change here is high-riskunverified
4 Survey Email Notifications
Automated email follow-ups to respondents and alerts to team members on new responses.
56 47% (20/43) 2% (29/1279) Lowest-health tier of the codebase — every change here is high-riskunverified
5 Entitlement & License Enforcement
Check feature entitlements and enterprise license guards to gate premium capabilities.
60 47% (58/124) 4% (390/8991) Lowest-health tier of the codebase — every change here is high-riskunverified
6 Organization Settings & Administration
Manage organization name, AI toggles, deletion, and general org configuration.
59 45% (26/58) 8% (125/1625) Lowest-health tier of the codebase — every change here is high-riskunverified
7 Slack Integration
Send real-time survey response notifications to Slack channels.
51 43% (3/7) 9% (68/768) Lowest-health tier of the codebase — every change here is high-riskunverified
8 Google Sheets Integration
Two-way sync of survey responses into Google Sheets.
53 56% (5/9) 10% (71/743) Lowest-health tier of the codebase — every change here is high-riskunverified
9 In-App Survey JS SDK
JavaScript/TypeScript SDK enabling developers to embed and trigger targeted in-app surveys from their web apps.
61 42% (15/36) 3% (10/325) Lowest-health tier of the codebase — every change here is high-riskunverified
10 Billing Confirmation
Post-checkout confirmation page acknowledging successful billing/plan changes.
54 40% (2/5) 28% (10/36) Lowest-health tier of the codebase — every change here is high-riskunverified
05

Defect hotspots

Files with the heaviest bug-fix history. Bar length = bug-fix commits; the ratio shows fixes as a share of all commits to that file.

apps/web/locales/hu-HU.json
27 · 51%
apps/web/locales/ru-RU.json
27 · 40%
packages/surveys/src/components/general/survey.tsx
17 · 61%
apps/web/playwright/survey.spec.ts
10 · 53%
apps/web/app/lib/templates.ts
9 · 41%
apps/web/modules/survey/editor/components/survey-menu-bar.tsx
9 · 47%
packages/survey-ui/src/components/elements/single-select.tsx
8 · 62%
packages/surveys/src/components/general/welcome-card.tsx
8 · 50%
apps/web/modules/survey/list/components/survey-dropdown-menu.tsx
8 · 80%
apps/web/modules/ui/components/data-table/components/selected-row-settings.tsx
8 · 62%
06

Defect origins

Where bugs are born, not where they are fixed — each bug-fix commit traced back through blame to the commit that introduced the defective lines (SZZ). 608 fixes analyzed, 426 attributed (30% unattributable — mostly purely-additive fixes). 12% of defect-introducing commits are AI-authored.

FeatureIntroduction rateDefect half-lifeBorn here, fixed elsewhereAI / human introducers
Shared Platform 26% (210/793) 39d 27 / 199
Email & Password Authentication 26% (204/773) 38d 26 / 193
Survey Response Collection & Inbox 24% (31/128) 54d 8% 2 / 31
Entitlement & License Enforcement 22% (28/125) 36d 2% 3 / 26
Survey Share & Embed Options 22% (22/102) 55d 0 / 25
Survey Results Summary & Analysis 21% (20/94) 77d 11% 1 / 21
Drag-and-Drop Survey Builder 18% (73/410) 63d 7 / 72
Survey Localization (i18n) 17% (33/196) 64d 5 / 30

Half-life = median days a defect lived before its fix. Introduction rate = in-window introducing commits / commits touching the feature.

07

Boundary erosion

Feature pairs that increasingly change together (quarterly co-change Jaccard) — boundaries that are dissolving, with the files where they leak.

Rising pairCoupling seriesWhere it leaks
File Storage Management × Subscription Billing & Plans 0.00 → 0.00 → 0.20 → 0.18 billing/actions.ts lib/organization-billing.ts
Entitlement & License Enforcement × File Storage Management 0.09 → 0.04 → 0.16 → 0.11 billing/actions.ts lib/organization-billing.ts
Drag-and-Drop Survey Builder × Entitlement & License Enforcement 0.05 → 0.07 → 0.08 → 0.10 billing/actions.ts components/pricing-table.tsx
Drag-and-Drop Survey Builder × Multi-Project Workspace Management 0.04 → 0.07 → 0.12 → 0.04 components/theme-styling.tsx components/styling-view.tsx
Drag-and-Drop Survey Builder × Public Management API (v1/v2/v3) 0.06 → 0.00 → 0.01 → 0.07 lib/api-wrapper.ts surveys/serializers.ts

Improving boundaries: Survey Results Summary & Analysis × Survey Share & Embed Options (0.39 → 0.06 → 0.11 → 0.00); Survey Response Collection & Inbox × Survey Share & Embed Options (0.33 → 0.00 → 0.10 → 0.00); AI-Powered Response Analysis × Survey Results Summary & Analysis (0.27 → 0.07 → 0.06 → 0.04) — refactoring that is visibly working.

08

Knowledge risk & AI authorship

No product feature with ≥10 commits depends on a single human owner.

Orphaned code — lines whose last author left (90d window, 19 active authors)

FeatureOrphanedLinesDeparted owners
Action Class Triggers 43.9% 763 Victor Hugo dos Santos (332 lines, last 2025-10-17), Piyush Gupta (3 lines, last 2025-10-01)
SAML SSO (Enterprise) 40.1% 496 Victor Hugo dos Santos (199 lines, last 2025-10-17)
Survey Look & Feel Customization 17.6% 2,979 Theodór Tómas (433 lines, last 2026-02-26), Victor Hugo dos Santos (72 lines, last 2025-10-17)
Survey Response Collection & Inbox 12.5% 4,057 Piyush Gupta (303 lines, last 2025-10-01), Victor Hugo dos Santos (163 lines, last 2025-10-17)
Public Management API (v1/v2/v3) 11.0% 4,576 Victor Hugo dos Santos (433 lines, last 2025-10-17), Piyush Gupta (55 lines, last 2025-10-01)
User Account Profile & Security 10.4% 2,222 Victor Hugo dos Santos (170 lines, last 2025-10-17), Jakob Schott (53 lines, last 2025-10-06)
Team & Member Management 9.8% 4,731 Victor Hugo dos Santos (284 lines, last 2025-10-17), Jakob Schott (107 lines, last 2025-10-06)
Survey Link Sharing 8.8% 867 Victor Hugo dos Santos (76 lines, last 2025-10-17)
09

Review hygiene

How much human scrutiny merged code received — the leading indicator that bug-fix ratio lags by a quarter. 993 merged PRs analyzed (capped), 9 bot PRs excluded; rubber-stamp threshold 1 min.

Repo overall: self-merged 2% (17/983) · unreviewed 2% (24/983) · rubber-stamped 2% (24/983) · time-to-review median 5h

FeaturePRsSelf-mergedUnreviewedRubber-stampTTRReviewer Gini
Shared Platform781 2% (14/781)2% (19/781)2% (17/781) 7.1h 0.51
Email & Password Authentication753 2% (13/753)2% (18/753)2% (16/753) 7h 0.50
Drag-and-Drop Survey Builder392 2% (6/392)2% (9/392)2% (9/392) 8.2h 0.52
Survey Localization (i18n)191 1% (2/191)2% (3/191)2% (3/191) 5.6h 0.49
File Storage Management153 1% (2/153)3% (4/153)3% (5/153) 16.7h 0.49
Environment Tagging152 1% (1/152)3% (4/152)3% (5/152) 18.6h 0.49
Webhook Integrations151 1% (1/151)1% (2/151)3% (4/151) 11.7h 0.51
Contact & Attribute Management147 1% (1/147)1% (2/147)2% (3/147) 16.4h 0.49
10

IP & licensing

Dependency inventory — 2,393 packages (208 direct)

Licenses: 2342 permissive · 29 weak-copyleft · 0 strong-copyleft · 1 network-copyleft (AGPL-class) · 7 unknown. Known vulnerabilities (runtime): 0 critical · 0 high · 0 medium · 1 low.

Flagged licenseLicenseReachImported by
ua-parser-js@2.0.10 AGPL-3.0-or-laterdirect
@vercel/style-guide@6.0.0 MPL-2.0direct
@img/sharp-libvips-darwin-arm64@1.2.4 LGPL-3.0-or-latertransitive AI-Powered Response Analysis, Action Class Triggers, Airtable Integration
@img/sharp-libvips-darwin-x64@1.2.4 LGPL-3.0-or-latertransitive AI-Powered Response Analysis, Action Class Triggers, Airtable Integration
@img/sharp-libvips-linux-arm@1.2.4 LGPL-3.0-or-latertransitive AI-Powered Response Analysis, Action Class Triggers, Airtable Integration
@img/sharp-libvips-linux-arm64@1.2.4 LGPL-3.0-or-latertransitive AI-Powered Response Analysis, Action Class Triggers, Airtable Integration
@img/sharp-libvips-linux-ppc64@1.2.4 LGPL-3.0-or-latertransitive AI-Powered Response Analysis, Action Class Triggers, Airtable Integration
@img/sharp-libvips-linux-riscv64@1.2.4 LGPL-3.0-or-latertransitive AI-Powered Response Analysis, Action Class Triggers, Airtable Integration

Top vulnerabilities → features

AdvisoryPackageSeverityFixed inReaches
GHSA-vpq2-c234-7xj6@tootallnate/once low3.0.1 Entitlement & License Enforcement (transitive)
11

Journey-level test coverageinstrument validated · precision study pending

54 user flows: 7 covered by e2e, 2 integration-only, 45 untested at journey level. e2e coverage is observed directly — end-to-end specs name the routes they visit; this is a stated lower bound (93 navigations unresolved).

User flowClassRoutes hitIntegration reach
Accept organization invite untested 0/0 0%
Answer survey questions by type untested 0/0 1%
Authenticate via SAML SSO untested 0/0 0%
Authorize and complete SAML flow untested 0/13 3%
Browse and use survey templates untested 0/2 5%
Build and edit surveys visually untested 0/3 1%
Cache environment and API data untested 0/0 0%
Call management API (v1/v2/v3) untested 0/13 3%
Change email address untested 0/1
Check feature entitlements untested 0/0 2%
12

User-flow inventory

The engine reconstructed 54 user journeys from 558 code flows and 127 routes — the full list ships as an appendix. A sample:

Accept organization inviteAnswer survey questions by type
Authenticate via SAML SSOAuthorize and complete SAML flow
Browse and filter survey responsesBrowse and use survey templates
Build and edit surveys visuallyCache environment and API data

Use: onboarding map for new engineers, scope checklist for QA, and the join key for mapping production analytics onto features.

13

Recommendations

[DRAFT — recommendations are written by the auditor from the verified register.]

14

Methodology, verification & limits

How this was produced.
  • Detection: the open-source Dynvo engine grouped files into features and flows using deterministic extractors (routes, schema, workspace structure) plus LLM naming — the same engine anyone can run. The methodology is public and every number here is regenerable.
  • Verification: THIS IS A DRAFT — claims carry unverified status until the auditor completes the verification pass.
  • Benchmarks: percentile comparisons come from Dynvo's 43-repo open-source scan corpus.
  • Statistical honesty: every ratio carries a 95% Wilson interval (hover the value); ratios with fewer than 5 observations are demoted to "low sample" and never bolded.
  • Limits: git history measures change, not runtime behavior — a stable-but-wrong module shows healthy. Bug-fix classification is commit-message-based (receipts in Appendix A let you audit it). This report is a point-in-time snapshot; the continuous version of this map is the Dynvo subscription.
15

Appendix A — commit receipts

The evidence behind the risk register: bug-fix commits per feature, classified with the same detector the engine uses (so the appendix corroborates the numbers above). Newest first, capped per feature.

Airtable Integration — 12 most recent fix commits

84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
1556802f62026-06-24fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327)
e0973eae72026-06-24fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329)
0d71c35a62026-06-23fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328)
99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
d066d23862026-05-26fix: bind storage uploads to survey elements (#8044)
e9a14785d2026-05-25fix: add CSRF protection to integration OAuth flows (#8041)
d757e12c72026-05-22fix: return 404 when response is deleted mid-update (#8049)
e2bf79ce62026-05-18fix: harden storage presigned URL issuance (#8021)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)

Billing Confirmation — 3 most recent fix commits

ef96426ca2026-04-24chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801)
cb58cf5822026-03-12fix: restrict selected entitlements during trial (#7456)
cb41e2d342026-03-11fix: sets apps/web TS strict check to true (#7451)

Drag-and-Drop Survey Builder — 12 most recent fix commits

6ae1fa06b2026-07-02fix: include missed language translation strings (#7998)
84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
fc93a74b22026-06-26fix(surveys): allow pinch-zoom on mobile link surveys (WCAG 1.4.4) [ENG-1294] (#8358)
99c8da5c32026-06-25fix(a11y): submit button steals keyboard tab order on every survey (#8356)
a1fe0b04d2026-06-22fix: restore backward compatibility for older mobile SDKs on the v5 client API (#8322)
a8310691a2026-06-18fix: stub @formbricks/survey-ui/styles?inline during vitest runs (#8271)
143acb2782026-06-17fix(follow-ups): pass explicit locale to getTranslate in worker (#8291)
99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
b4ae380182026-06-16fix: create survey button overflows card boundary on survey creation page (#8295)
e265db6052026-06-12fix: allow conditional logic on CTA questions without external link (#8270)
0cc5386d42026-06-10fix: show failing env vars in validation errors (#8245)
197d738752026-06-10fix: "Add logo" link 404 [ENG-1281] (#8251)

Entitlement & License Enforcement — 12 most recent fix commits

84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
2cadb53752026-06-16fix: restore Manage billing details button for custom and scale plans [ENG-1330] (#8287)
ddfe830bd2026-06-08fix: all upgrade plan related issues from user research (#8241)
6a21f3fb42026-06-02fix(security): scope getDistinctAttributeValuesAction to the attribute key's workspace (ENG-1115) (#8202)
5491b3b6e2026-05-28fix: contacts csv semicolon delimeter fix (#8172)
b97e1b8cd2026-05-27fix: fixes survey card scroll position and segment modal width (#8143)
a7da62c6f2026-05-26fix: unify upgrade UI in settings (#8050)
6d08844392026-05-25fix: clean up setTimeout schedules in contact-attribute effects (#8126)
af7e394222026-05-25fix: add missing JSX key props in segment-filter SelectItem lists (#8124)
64ae6e1d82026-05-25fix: remove invalid placeholder ARIA roles from membership role controls (#8125)
67e90b4a02026-05-25fix: move SAML jackson opts out of module scope into init() (#8131)
a878bdff42026-05-22fix: limit JSON request body size (#8051)

Google Sheets Integration — 12 most recent fix commits

84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
1556802f62026-06-24fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327)
e0973eae72026-06-24fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329)
0d71c35a62026-06-23fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328)
99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
d066d23862026-05-26fix: bind storage uploads to survey elements (#8044)
e9a14785d2026-05-25fix: add CSRF protection to integration OAuth flows (#8041)
e2bf79ce62026-05-18fix: harden storage presigned URL issuance (#8021)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)
1380c81bf2026-05-13fix: patch security dependency vulnerabilities for main (#7990)

In-App Survey JS SDK — 12 most recent fix commits

99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
d757e12c72026-05-22fix: return 404 when response is deleted mid-update (#8049)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)
efe259d482026-05-14fix: fixes displays and responses api about survey status (#8007)
676e31c432026-05-13fix: scope org-only v1 API key auth (#7961)
103775b3b2026-05-13fix: validate contact_id (#7984)
5fae207cd2026-04-30fix: duplicate action class name error (#7919)
e6e9419b92026-04-28fix: require step-up authorization for account deletion (#7901)
ef96426ca2026-04-24chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801)
735a9f84e2026-04-02fix: harden api error reporting for v2/v1 Sentry observability (#7633)

Notion Integration — 12 most recent fix commits

84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
1556802f62026-06-24fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327)
e0973eae72026-06-24fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329)
0d71c35a62026-06-23fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328)
99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
d066d23862026-05-26fix: bind storage uploads to survey elements (#8044)
e9a14785d2026-05-25fix: add CSRF protection to integration OAuth flows (#8041)
d757e12c72026-05-22fix: return 404 when response is deleted mid-update (#8049)
e2bf79ce62026-05-18fix: harden storage presigned URL issuance (#8021)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)

Organization Settings & Administration — 12 most recent fix commits

84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
1556802f62026-06-24fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327)
e0973eae72026-06-24fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329)
0d71c35a62026-06-23fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328)
99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
b429ece882026-06-15fix: always suggest white card background on Suggest colors (#8284)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)
1380c81bf2026-05-13fix: patch security dependency vulnerabilities for main (#7990)
69ead97962026-05-08fix: sso account deletion password check (#7930)
d103499492026-05-06fix(security): strip sensitive survey and segment metadata from public client API (#7931)

Slack Integration — 12 most recent fix commits

84cb2727c2026-07-02fix: complete SCA/3DS for upgrade payments and surface payment failures (#8370)
1556802f62026-06-24fix(security): bump nodemailer to 9.0.1 (ENG-1511, ENG-1507) (#8327)
e0973eae72026-06-24fix(security): bump markdown-it and pin typeorm 0.3.29 (#8329)
0d71c35a62026-06-23fix(security): bump undici to 7.28.0 (ENG-1509, ENG-1505) (#8328)
99180e1102026-06-16fix(deps): patch Dependabot security advisories, consolidate pnpm overrides (#8301)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
d066d23862026-05-26fix: bind storage uploads to survey elements (#8044)
e9a14785d2026-05-25fix: add CSRF protection to integration OAuth flows (#8041)
d757e12c72026-05-22fix: return 404 when response is deleted mid-update (#8049)
e2bf79ce62026-05-18fix: harden storage presigned URL issuance (#8021)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)

Survey Email Notifications — 12 most recent fix commits

1c6bf3d192026-06-10fix: rating and CSAT smiley misaligned in single response card (#8252)
4f8fe44662026-05-29fix: fixes ces rating question's email embed UI (#8180)
af6023b5a2026-05-27fix: rate-limit isSurveyResponsePresentAction and validateSurveyPinAction (ENG-942) (#8094)
af51414b02026-05-21fix: remove isAIDataAnalysisEnabled (ENG-1039) (#8109)
c286a33302026-05-15fix: rate limit storage uploads per environment (#8006)
ce68d58aa2026-05-15fix: scope client API rate limits by environment (#8013)
96b08fbe22026-05-14fix: single-use survey restriction bypass (#7972)
fae00f6a82026-05-04fix: outlook preview (#7803)
e6e9419b92026-04-28fix: require step-up authorization for account deletion (#7901)
ef96426ca2026-04-24chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801)
6c43426902026-04-22fix: harden legacy SSO relinking (#7755)
6da4c6f352026-03-24fix: proper errors server side when resources are not found (#7571)
DYNVO · dynvo.ai · Codebase Audit DRAFT — not for delivery2026-07-02