Update secrets name

.checkmarx/config.yml

@@ -8,4 +8,4 @@ checkmarx:
     configs:
       sast:
         # Exclude test directories
-        filter: "**/test/**,!**/androidTest/**,!**/commonTest/**,!**/jvmTest/**,!**/jsTest/**,!**/iosTest/**"
+        filter: "!app/src/test/**"

.editorconfig

@@ -12,20 +12,127 @@ end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
+guidelines = 120
+
+# Code files
+[*.{cs,csx,vb,vbx}]
+indent_size = 4
+
+# Xml project files
+[*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,projitems,shproj}]
+indent_size = 2
+
+# Xml config files
+[*.{props,targets,ruleset,config,nuspec,resx,vsixmanifest,vsct}]
+indent_size = 2
 
 # JSON files
 [*.json]
 indent_size = 2
 
-# Kotlin files
-# noinspection EditorConfigKeyCorrectness
-[*.{kt,kts}]
-# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-declaration-site
-ij_kotlin_allow_trailing_comma = true
-# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-declaration-site
-trailing-comma-on-declaration-site = true
-# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-call-site
-ij_kotlin_allow_trailing_comma_on_call_site = true
-
-[*.{scss,yml}]
+# JS files
+[*.{js,ts,scss,html}]
 indent_size = 2
+
+[*.{ts}]
+quote_type = single
+
+[*.{scss,yml,csproj}]
+indent_size = 2
+
+[*.sln]
+indent_style = tab
+
+# Dotnet code style settings:
+[*.{cs,vb}]
+# Sort using and Import directives with System.* appearing first
+dotnet_sort_system_directives_first = true
+# Avoid "this." and "Me." if not necessary
+dotnet_style_qualification_for_field = false:suggestion
+dotnet_style_qualification_for_property = false:suggestion
+dotnet_style_qualification_for_method = false:suggestion
+dotnet_style_qualification_for_event = false:suggestion
+
+# Use language keywords instead of framework type names for type references
+dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
+dotnet_style_predefined_type_for_member_access = true:suggestion
+
+# Suggest more modern language features when available
+dotnet_style_object_initializer = true:suggestion
+dotnet_style_collection_initializer = true:suggestion
+dotnet_style_coalesce_expression = true:suggestion
+dotnet_style_null_propagation = true:suggestion
+dotnet_style_explicit_tuple_names = true:suggestion
+
+# Prefix private members with underscore
+dotnet_naming_rule.private_members_with_underscore.symbols = private_fields
+dotnet_naming_rule.private_members_with_underscore.style = prefix_underscore
+dotnet_naming_rule.private_members_with_underscore.severity = suggestion
+
+dotnet_naming_symbols.private_fields.applicable_kinds = field
+dotnet_naming_symbols.private_fields.applicable_accessibilities = private
+
+dotnet_naming_style.prefix_underscore.capitalization = camel_case
+dotnet_naming_style.prefix_underscore.required_prefix = _
+
+# Async methods should have "Async" suffix
+dotnet_naming_rule.async_methods_end_in_async.symbols = any_async_methods
+dotnet_naming_rule.async_methods_end_in_async.style = end_in_async
+dotnet_naming_rule.async_methods_end_in_async.severity = suggestion
+
+dotnet_naming_symbols.any_async_methods.applicable_kinds = method
+dotnet_naming_symbols.any_async_methods.applicable_accessibilities = *
+dotnet_naming_symbols.any_async_methods.required_modifiers = async
+
+dotnet_naming_style.end_in_async.required_prefix = 
+dotnet_naming_style.end_in_async.required_suffix = Async
+dotnet_naming_style.end_in_async.capitalization = pascal_case
+dotnet_naming_style.end_in_async.word_separator = 
+
+# Obsolete warnings, this should be removed or changed to warning once we address some of the obsolete items.
+dotnet_diagnostic.CS0618.severity = suggestion
+
+# Obsolete warnings, this should be removed or changed to warning once we address some of the obsolete items.
+dotnet_diagnostic.CS0612.severity = suggestion
+
+# Remove unnecessary using directives https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005
+dotnet_diagnostic.IDE0005.severity = warning
+
+# CSharp code style settings:
+[*.cs]
+# Prefer "var" everywhere
+csharp_style_var_for_built_in_types = true:suggestion
+csharp_style_var_when_type_is_apparent = true:suggestion
+csharp_style_var_elsewhere = true:suggestion
+
+# Prefer method-like constructs to have a expression-body
+csharp_style_expression_bodied_methods = true:none
+csharp_style_expression_bodied_constructors = true:none
+csharp_style_expression_bodied_operators = true:none
+
+# Prefer property-like constructs to have an expression-body
+csharp_style_expression_bodied_properties = true:none
+csharp_style_expression_bodied_indexers = true:none
+csharp_style_expression_bodied_accessors = true:none
+
+# Suggest more modern language features when available
+csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
+csharp_style_pattern_matching_over_as_with_null_check = true:suggestion
+csharp_style_inlined_variable_declaration = true:suggestion
+csharp_style_throw_expression = true:suggestion
+csharp_style_conditional_delegate_call = true:suggestion
+
+# Newline settings
+csharp_new_line_before_open_brace = all
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_new_line_before_members_in_object_initializers = true
+csharp_new_line_before_members_in_anonymous_types = true
+
+# Namespace settings
+csharp_style_namespace_declarations = file_scoped:warning
+
+# Switch expression
+dotnet_diagnostic.CS8509.severity = error # missing switch case for named enum value
+dotnet_diagnostic.CS8524.severity = none # missing switch case for unnamed enum value

.github/CODEOWNERS

@@ -5,7 +5,7 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
 # Default file owners.
-* @bitwarden/team-android @brian-livefront @david-livefront
+* @bitwarden/team-android @brian-livefront @david-livefront @dseverns-livefront @ahaisting-livefront @phil-livefront
 
 # Actions and workflow changes.
 .github/ @bitwarden/dept-development-mobile

.github/ISSUE_TEMPLATE/bug-bwa.yml

@@ -1,84 +0,0 @@
-name: Authenticator Android App Bug Report
-description: File a bug report
-labels: [ "app:authenticator", "bug" ]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this bug report!
-
-        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
-  - type: textarea
-    id: reproduce
-    attributes:
-      label: Steps To Reproduce
-      description: How can we reproduce the behavior.
-      value: |
-        1. Go to '...'
-        2. Click on '...'
-        3. Scroll down to '...'
-        4. Click on '...'
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: Expected Result
-      description: A clear and concise description of what you expected to happen.
-    validations:
-      required: true
-  - type: textarea
-    id: actual
-    attributes:
-      label: Actual Result
-      description: A clear and concise description of what is happening.
-    validations:
-      required: true
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots or Videos
-      description: If applicable, add screenshots and/or a short video to help explain your problem.
-  - type: textarea
-    id: additional-context
-    attributes:
-      label: Additional Context
-      description: Add any other context about the problem here.
-  - type: input
-    id: version
-    attributes:
-      label: Build Version
-      description: What version of our software are you running?
-    validations:
-      required: true
-  - type: dropdown
-    id: server-region
-    attributes:
-      label: What server are you connecting to?
-      options:
-        - US
-        - EU
-        - Self-host
-        - N/A
-    validations:
-      required: true
-  - type: input
-    id: server-version
-    attributes:
-      label: Self-host Server Version
-      description: If self-hosting, what version of Bitwarden Server are you running?
-  - type: textarea
-    id: environment-details
-    attributes:
-      label: Environment Details
-      placeholder: |
-        - Device: [e.g. Pixel Tablet, Samsung Galaxy S24 ]
-        - OS Version: [e.g. API 32, Tiramisu ]
-  - type: checkboxes
-    id: issue-tracking-info
-    attributes:
-      label: Issue Tracking Info
-      description: |
-        Issue tracking information
-      options:
-        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

.github/ISSUE_TEMPLATE/bug-passkey.yml

@@ -1,64 +0,0 @@
-name: Passkey Bug Report
-description: File a Passkey / FIDO2 related bug report
-labels: [ "app:password-manager", "bug-passkey" ]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this Passkey-related bug report!
-
-        Please provide as much detail as possible to help us investigate the issue.
-
-  - type: dropdown
-    id: origin
-    attributes:
-      label: Origin
-      description: Are you using a web browser or a native application?
-      options:
-        - Web (Browser)
-        - Native Application (non-browser app)
-    validations:
-      required: true
-
-  - type: input
-    id: rp-id
-    attributes:
-      label: Web URL or App name
-      description: The website domain or app name you were trying to use the Passkey with
-      placeholder: "e.g. example.com or ExampleApp"
-    validations:
-      required: true
-
-  - type: checkboxes
-    id: operation-type
-    attributes:
-      label: Passkey Action
-      description: What passkey related action(s) were you trying to perform?
-      options:
-        - label: Creating new passkey (Registration)
-        - label: Signing in (Authentication)
-    validations:
-      required: true
-
-  - type: textarea
-    id: build-info
-    attributes:
-      label: Build Information
-      description: Please retrieve the build information from the About screen by tapping the Version number field
-    validations:
-      required: true
-
-  - type: textarea
-    id: additional-info
-    attributes:
-      label: Additional Information
-      description: Any additional context, steps to reproduce, error messages, or relevant information about the issue
-
-  - type: checkboxes
-    id: issue-tracking-info
-    attributes:
-      label: Issue Tracking Info
-      description: |
-        Issue tracking information
-      options:
-        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

.github/ISSUE_TEMPLATE/bug.yml

@@ -1,6 +1,6 @@
-name: Password Manager Android App Bug Report
+name: Android Bug Report
 description: File a bug report
-labels: [ "app:password-manager", "bug" ]
+labels: [ bug ]
 body:
   - type: markdown
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
+  - name: Legacy Android Bug Reports
+    url: https://github.com/bitwarden/mobile/issues
+    about: Bugs found in the publicly available .NET MAUI app should be reported in [bitwarden/mobile](https://github.com/bitwarden/mobile)
   - name: Feature Requests
     url: https://community.bitwarden.com/c/feature-requests/
     about: Request new features using the Community Forums. Please search existing feature requests before making a new one.

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,11 +15,10 @@
 - Contributor guidelines followed
 - All formatters and local linters executed and passed
 - Written new unit and / or integration tests where applicable
-- Protected functional changes with optionality (feature flags)
 - Used internationalization (i18n) for all UI strings
 - CI builds passed
 - Communicated to DevOps any deployment requirements
-- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
+- Updated any necessary documentation or informed the documentation team
 
 ## 🦮 Reviewer guidelines
 
@@ -28,7 +27,8 @@
 - 👍 (`:+1:`) or similar for great changes
 - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
 - ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
+- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed
+  issue and could potentially benefit from discussion
 - 🎨 (`:art:`) for suggestions / improvements
 - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
 - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt

.github/codecov.yml

@@ -1,2 +0,0 @@
-ignore:
-  - "src/test/**" # Tests

.github/renovate.json

@@ -1,56 +1,32 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "github>bitwarden/renovate-config"
-  ],
-  "enabledManagers": [
-    "github-actions",
-    "gradle",
-    "bundler"
-  ],
+  "extends": ["github>bitwarden/renovate-config"],
+  "enabledManagers": ["github-actions", "gradle", "bundler"],
   "packageRules": [
     {
       "groupName": "gh minor",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ]
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"]
     },
     {
       "groupName": "gradle minor",
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "matchManagers": [
-        "gradle"
-      ]
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchManagers": ["gradle"]
     },
     {
       "groupName": "kotlin",
       "description": "Kotlin and Compose dependencies that must be updated together to maintain compatibility.",
-      "matchManagers": [
-        "gradle"
+      "matchPackagePatterns": [
+        "androidx.compose:compose-bom",
+        "org.jetbrains.kotlin.*",
+        "com.google.devtools.ksp"
       ],
-      "matchPackageNames": [
-        "/androidx.compose:compose-bom/",
-        "/androidx.lifecycle:*/",
-        "/org.jetbrains.kotlin.*/",
-        "/com.google.devtools.ksp/"
-      ]
+      "matchManagers": ["gradle"]
     },
     {
       "groupName": "bundler minor",
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "matchManagers": [
-        "bundler"
-      ]
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchManagers": ["bundler"]
     }
   ]
 }

.github/scripts/jira-get-release-notes/README.md

@@ -1,133 +0,0 @@
-# Get Release Notes from Jira script
-
-Fetches release notes from Jira issues.
-
-## Prerequisites
-
-- Python dev environment - use [uv](https://github.com/astral-sh/uv)
-- Jira API token. Generate one at: https://id.atlassian.com/manage-profile/security/api-tokens
-- Install dependencies:
-
-```bash
-uv pip install -r pyproject.toml
-```
-
-## Usage
-
-```bash
-./jira_release_notes.py RELEASE-1762 example@example.com T0k3n123
-```
-
-# Output Format
-
-The script retrieves the content from a custom field and handles two types of Jira release notes formats:
-
-1. Bullet Points:
-```
-• Point 1
-• Point 2
-• Point 3
-```
-
-2. Single Line:
-```
-Single line of release notes text
-```
-
-## Jira JSON format example
-
-### Single line
-
-```json
-...
-"customfield_10335": {
-    "type": "doc",
-    "version": 1,
-    "content": [
-        {
-            "type": "paragraph",
-            "content": [
-                {
-                    "type": "text",
-                    "text": "Single line release notes"
-                }
-            ]
-        }
-    ]
-},
-...
-```
-
-### Bullet points
-
-```json
-...
-"customfield_10335": {
-    "type": "doc",
-    "version": 1,
-    "content": [
-        {
-            "type": "bulletList",
-            "content": [
-                {
-                    "type": "listItem",
-                    "content": [
-                        {
-                            "type": "paragraph",
-                            "content": [
-                                {
-                                    "type": "text",
-                                    "text": "Release notes list item 1"
-                                }
-                            ]
-                        }
-                    ]
-                },
-                {
-                    "type": "listItem",
-                    "content": [
-                        {
-                            "type": "paragraph",
-                            "content": [
-                                {
-                                    "type": "text",
-                                    "text": "Release notes list item 2"
-                                }
-                            ]
-                        }
-                    ]
-                },
-                {
-                    "type": "listItem",
-                    "content": [
-                        {
-                            "type": "paragraph",
-                            "content": [
-                                {
-                                    "type": "text",
-                                    "text": "Release notes list item 3"
-                                }
-                            ]
-                        }
-                    ]
-                },
-                {
-                    "type": "listItem",
-                    "content": [
-                        {
-                            "type": "paragraph",
-                            "content": [
-                                {
-                                    "type": "text",
-                                    "text": "Release notes list item 4"
-                                }
-                            ]
-                        }
-                    ]
-                }
-            ]
-        }
-    ]
-},
-...
-```

.github/scripts/jira-get-release-notes/jira_release_notes.py

@@ -1,70 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import base64
-import json
-import requests
-
-def extract_text_from_content(content):
-    if isinstance(content, list):
-        texts = [extract_text_from_content(item) for item in content]
-        return '\n'.join(text for text in texts if text.strip())
-
-    if isinstance(content, dict):
-        if content.get('type') == 'text':
-            return content.get('text', '')
-        elif content.get('type') == 'paragraph':
-            return extract_text_from_content(content.get('content', []))
-        elif content.get('type') == 'bulletList':
-            return extract_text_from_content(content.get('content', []))
-        elif content.get('type') == 'listItem':
-            item_text = extract_text_from_content(content.get('content', []))
-            return f"* {item_text.strip()}"
-
-    return ''
-
-def parse_release_notes(response_json):
-    try:
-        fields = response_json.get('fields', {})
-        release_notes_field = fields.get('customfield_10335', {})
-
-        if not release_notes_field or not release_notes_field.get('content'):
-            return ''
-
-        release_notes = extract_text_from_content(release_notes_field.get('content', []))
-        return release_notes
-
-    except Exception as e:
-        print(f"Error parsing release notes: {str(e)}", file=sys.stderr)
-        return ''
-
-def main():
-    if len(sys.argv) != 4:
-        print(f"Usage: {sys.argv[0]} <issue_id> <jira_email> <jira_api_token>")
-        sys.exit(1)
-
-    jira_issue_id = sys.argv[1]
-    jira_email = sys.argv[2]
-    jira_api_token = sys.argv[3]
-    jira_base_url = "https://bitwarden.atlassian.net"
-
-    auth = base64.b64encode(f"{jira_email}:{jira_api_token}".encode()).decode()
-    headers = {
-        "Authorization": f"Basic {auth}",
-        "Content-Type": "application/json"
-    }
-
-    response = requests.get(
-        f"{jira_base_url}/rest/api/3/issue/{jira_issue_id}",
-        headers=headers
-    )
-
-    if response.status_code != 200:
-        print(f"Error fetching Jira issue: {response.status_code}", file=sys.stderr)
-        sys.exit(1)
-
-    release_notes = parse_release_notes(response.json())
-    print(release_notes)
-
-if __name__ == "__main__":
-    main()

.github/scripts/jira-get-release-notes/pyproject.toml

@@ -1,9 +0,0 @@
-[project]
-name = "jira-get-release-notes"
-version = "0.1.0"
-description = "Add your description here"
-readme = "README.md"
-requires-python = ">=3.12"
-dependencies = [
-    "requests>=2.32.3",
-]

.github/scripts/jira-get-release-notes/uv.lock

@@ -1,91 +0,0 @@
-version = 1
-revision = 2
-requires-python = ">=3.12"
-
-[[package]]
-name = "certifi"
-version = "2025.4.26"
-source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/e8/9e/c05b3920a3b7d20d3d3310465f50348e5b3694f4f88c6daf736eef3024c4/certifi-2025.4.26.tar.gz", hash = "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6", size = 160705, upload-time = "2025-04-26T02:12:29.51Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", hash = "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", size = 159618, upload-time = "2025-04-26T02:12:27.662Z" },
-]
-
-[[package]]
-name = "charset-normalizer"
-version = "3.4.2"
-source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/e4/33/89c2ced2b67d1c2a61c19c6751aa8902d46ce3dacb23600a283619f5a12d/charset_normalizer-3.4.2.tar.gz", hash = "sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63", size = 126367, upload-time = "2025-05-02T08:34:42.01Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/d7/a4/37f4d6035c89cac7930395a35cc0f1b872e652eaafb76a6075943754f095/charset_normalizer-3.4.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7", size = 199936, upload-time = "2025-05-02T08:32:33.712Z" },
-    { url = "https://files.pythonhosted.org/packages/ee/8a/1a5e33b73e0d9287274f899d967907cd0bf9c343e651755d9307e0dbf2b3/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3", size = 143790, upload-time = "2025-05-02T08:32:35.768Z" },
-    { url = "https://files.pythonhosted.org/packages/66/52/59521f1d8e6ab1482164fa21409c5ef44da3e9f653c13ba71becdd98dec3/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a", size = 153924, upload-time = "2025-05-02T08:32:37.284Z" },
-    { url = "https://files.pythonhosted.org/packages/86/2d/fb55fdf41964ec782febbf33cb64be480a6b8f16ded2dbe8db27a405c09f/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214", size = 146626, upload-time = "2025-05-02T08:32:38.803Z" },
-    { url = "https://files.pythonhosted.org/packages/8c/73/6ede2ec59bce19b3edf4209d70004253ec5f4e319f9a2e3f2f15601ed5f7/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a", size = 148567, upload-time = "2025-05-02T08:32:40.251Z" },
-    { url = "https://files.pythonhosted.org/packages/09/14/957d03c6dc343c04904530b6bef4e5efae5ec7d7990a7cbb868e4595ee30/charset_normalizer-3.4.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd", size = 150957, upload-time = "2025-05-02T08:32:41.705Z" },
-    { url = "https://files.pythonhosted.org/packages/0d/c8/8174d0e5c10ccebdcb1b53cc959591c4c722a3ad92461a273e86b9f5a302/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981", size = 145408, upload-time = "2025-05-02T08:32:43.709Z" },
-    { url = "https://files.pythonhosted.org/packages/58/aa/8904b84bc8084ac19dc52feb4f5952c6df03ffb460a887b42615ee1382e8/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c", size = 153399, upload-time = "2025-05-02T08:32:46.197Z" },
-    { url = "https://files.pythonhosted.org/packages/c2/26/89ee1f0e264d201cb65cf054aca6038c03b1a0c6b4ae998070392a3ce605/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b", size = 156815, upload-time = "2025-05-02T08:32:48.105Z" },
-    { url = "https://files.pythonhosted.org/packages/fd/07/68e95b4b345bad3dbbd3a8681737b4338ff2c9df29856a6d6d23ac4c73cb/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d", size = 154537, upload-time = "2025-05-02T08:32:49.719Z" },
-    { url = "https://files.pythonhosted.org/packages/77/1a/5eefc0ce04affb98af07bc05f3bac9094513c0e23b0562d64af46a06aae4/charset_normalizer-3.4.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f", size = 149565, upload-time = "2025-05-02T08:32:51.404Z" },
-    { url = "https://files.pythonhosted.org/packages/37/a0/2410e5e6032a174c95e0806b1a6585eb21e12f445ebe239fac441995226a/charset_normalizer-3.4.2-cp312-cp312-win32.whl", hash = "sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c", size = 98357, upload-time = "2025-05-02T08:32:53.079Z" },
-    { url = "https://files.pythonhosted.org/packages/6c/4f/c02d5c493967af3eda9c771ad4d2bbc8df6f99ddbeb37ceea6e8716a32bc/charset_normalizer-3.4.2-cp312-cp312-win_amd64.whl", hash = "sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e", size = 105776, upload-time = "2025-05-02T08:32:54.573Z" },
-    { url = "https://files.pythonhosted.org/packages/ea/12/a93df3366ed32db1d907d7593a94f1fe6293903e3e92967bebd6950ed12c/charset_normalizer-3.4.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0", size = 199622, upload-time = "2025-05-02T08:32:56.363Z" },
-    { url = "https://files.pythonhosted.org/packages/04/93/bf204e6f344c39d9937d3c13c8cd5bbfc266472e51fc8c07cb7f64fcd2de/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf", size = 143435, upload-time = "2025-05-02T08:32:58.551Z" },
-    { url = "https://files.pythonhosted.org/packages/22/2a/ea8a2095b0bafa6c5b5a55ffdc2f924455233ee7b91c69b7edfcc9e02284/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e", size = 153653, upload-time = "2025-05-02T08:33:00.342Z" },
-    { url = "https://files.pythonhosted.org/packages/b6/57/1b090ff183d13cef485dfbe272e2fe57622a76694061353c59da52c9a659/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1", size = 146231, upload-time = "2025-05-02T08:33:02.081Z" },
-    { url = "https://files.pythonhosted.org/packages/e2/28/ffc026b26f441fc67bd21ab7f03b313ab3fe46714a14b516f931abe1a2d8/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c", size = 148243, upload-time = "2025-05-02T08:33:04.063Z" },
-    { url = "https://files.pythonhosted.org/packages/c0/0f/9abe9bd191629c33e69e47c6ef45ef99773320e9ad8e9cb08b8ab4a8d4cb/charset_normalizer-3.4.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691", size = 150442, upload-time = "2025-05-02T08:33:06.418Z" },
-    { url = "https://files.pythonhosted.org/packages/67/7c/a123bbcedca91d5916c056407f89a7f5e8fdfce12ba825d7d6b9954a1a3c/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0", size = 145147, upload-time = "2025-05-02T08:33:08.183Z" },
-    { url = "https://files.pythonhosted.org/packages/ec/fe/1ac556fa4899d967b83e9893788e86b6af4d83e4726511eaaad035e36595/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b", size = 153057, upload-time = "2025-05-02T08:33:09.986Z" },
-    { url = "https://files.pythonhosted.org/packages/2b/ff/acfc0b0a70b19e3e54febdd5301a98b72fa07635e56f24f60502e954c461/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff", size = 156454, upload-time = "2025-05-02T08:33:11.814Z" },
-    { url = "https://files.pythonhosted.org/packages/92/08/95b458ce9c740d0645feb0e96cea1f5ec946ea9c580a94adfe0b617f3573/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b", size = 154174, upload-time = "2025-05-02T08:33:13.707Z" },
-    { url = "https://files.pythonhosted.org/packages/78/be/8392efc43487ac051eee6c36d5fbd63032d78f7728cb37aebcc98191f1ff/charset_normalizer-3.4.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148", size = 149166, upload-time = "2025-05-02T08:33:15.458Z" },
-    { url = "https://files.pythonhosted.org/packages/44/96/392abd49b094d30b91d9fbda6a69519e95802250b777841cf3bda8fe136c/charset_normalizer-3.4.2-cp313-cp313-win32.whl", hash = "sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7", size = 98064, upload-time = "2025-05-02T08:33:17.06Z" },
-    { url = "https://files.pythonhosted.org/packages/e9/b0/0200da600134e001d91851ddc797809e2fe0ea72de90e09bec5a2fbdaccb/charset_normalizer-3.4.2-cp313-cp313-win_amd64.whl", hash = "sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980", size = 105641, upload-time = "2025-05-02T08:33:18.753Z" },
-    { url = "https://files.pythonhosted.org/packages/20/94/c5790835a017658cbfabd07f3bfb549140c3ac458cfc196323996b10095a/charset_normalizer-3.4.2-py3-none-any.whl", hash = "sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0", size = 52626, upload-time = "2025-05-02T08:34:40.053Z" },
-]
-
-[[package]]
-name = "jira-get-release-notes"
-version = "0.1.0"
-source = { virtual = "." }
-dependencies = [
-    { name = "requests" },
-]
-
-[package.metadata]
-requires-dist = [{ name = "requests", specifier = ">=2.32.3" }]
-
-[[package]]
-name = "idna"
-version = "3.10"
-source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/f1/70/7703c29685631f5a7590aa73f1f1d3fa9a380e654b86af429e0934a32f7d/idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", size = 190490, upload-time = "2024-09-15T18:07:39.745Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", size = 70442, upload-time = "2024-09-15T18:07:37.964Z" },
-]
-
-[[package]]
-name = "requests"
-version = "2.32.3"
-source = { registry = "https://pypi.org/simple" }
-dependencies = [
-    { name = "certifi" },
-    { name = "charset-normalizer" },
-    { name = "idna" },
-    { name = "urllib3" },
-]
-sdist = { url = "https://files.pythonhosted.org/packages/63/70/2bf7780ad2d390a8d301ad0b550f1581eadbd9a20f896afe06353c2a2913/requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", size = 131218, upload-time = "2024-05-29T15:37:49.536Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", size = 64928, upload-time = "2024-05-29T15:37:47.027Z" },
-]
-
-[[package]]
-name = "urllib3"
-version = "2.4.0"
-source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/8a/78/16493d9c386d8e60e442a35feac5e00f0913c0f4b7c217c11e8ec2ff53e0/urllib3-2.4.0.tar.gz", hash = "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466", size = 390672, upload-time = "2025-04-10T15:23:39.232Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", hash = "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", size = 128680, upload-time = "2025-04-10T15:23:37.377Z" },
-]

.github/scripts/validate-json/.python-version

@@ -1 +0,0 @@
-3.13

.github/scripts/validate-json/README.md

@@ -1,39 +0,0 @@
-# JSON Validation Scripts
-
-Utility scripts for validating JSON files and checking for duplicate package names between Google and Community privileged browser lists.
-
-## Usage
-
-### Validate a JSON file
-
-```bash
-python validate_json.py validate <json_file>
-```
-
-### Check for duplicates between two JSON files
-
-```bash
-python validate_json.py duplicates <json_file1> <json_file2> [output_file]
-```
-
-If `output_file` is not specified, duplicates will be saved to `duplicates.txt`.
-
-## Running Tests
-
-```bash
-# Run all tests
-python -m unittest test_validate_json.py
-
-# Run the invalid JSON test individually
-python -m unittest test_validate_json.TestValidateJson.test_validate_json_invalid
-```
-
-## Examples
-
-```bash
-# Validate Google privileged browsers list
-python validate_json.py validate ../../app/src/main/assets/fido2_privileged_google.json
-
-# Check for duplicates between Google and Community lists
-python validate_json.py duplicates ../../app/src/main/assets/fido2_privileged_google.json ../../app/src/main/assets/fido2_privileged_community.json duplicates.txt
-```

.github/scripts/validate-json/fixtures/sample-invalid.json

@@ -1,20 +0,0 @@
-{
-  "apps": [
-
-      "type": "android",
-      "info": {
-        "package_name": "com.android.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    }
-  ]
-}

.github/scripts/validate-json/fixtures/sample-valid1.json

@@ -1,48 +0,0 @@
-{
-  "apps": [
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.android.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.dev",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.canary",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
-          }
-        ]
-      }
-    }
-  ]
-}

.github/scripts/validate-json/fixtures/sample-valid2.json

@@ -1,20 +0,0 @@
-{
-  "apps": [
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.chromium.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    }
-  ]
-}

.github/scripts/validate-json/test_validate_json.py

@@ -1,48 +0,0 @@
-#!/usr/bin/env python3
-import unittest
-import os
-import json
-from validate_json import validate_json, find_duplicates, get_package_names
-from unittest.mock import patch
-import io
-
-
-class TestValidateJson(unittest.TestCase):
-    def setUp(self):
-        self.valid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid1.json")
-        self.valid_file2 = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid2.json")
-        self.invalid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-invalid.json")
-
-        # Suppress stdout
-        self.stdout_patcher = patch('sys.stdout', new=io.StringIO())
-        self.stdout_patcher.start()
-
-    def tearDown(self):
-        self.stdout_patcher.stop()
-
-    def test_validate_json_valid(self):
-        """Test validation of valid JSON file"""
-        self.assertTrue(validate_json(self.valid_file))
-
-    def test_validate_json_invalid(self):
-        """Test validation of invalid JSON file"""
-        self.assertFalse(validate_json(self.invalid_file))
-
-    def test_find_duplicates(self):
-        """Test when using the same file (should find duplicates)"""
-        expected_package_names = get_package_names(self.valid_file)
-
-        duplicates = find_duplicates(self.valid_file, self.valid_file)
-
-        self.assertEqual(len(duplicates), len(expected_package_names))
-        for package_name in expected_package_names:
-            self.assertIn(package_name, duplicates)
-
-    def test_find_duplicates_returns_empty_list_when_no_duplicates(self):
-        """Test when using different files (should not find duplicates)"""
-        duplicates = find_duplicates(self.valid_file, self.valid_file2)
-        self.assertEqual(len(duplicates), 0)
-
-
-if __name__ == "__main__":
-    unittest.main()

.github/scripts/validate-json/validate_json.py

@@ -1,145 +0,0 @@
-#!/usr/bin/env python3
-import json
-import sys
-import os
-from typing import List, Dict, Any, Set
-
-
-def get_package_names(file_path: str) -> Set[str]:
-    """
-    Extracts package names from a JSON file.
-
-    Args:
-        file_path: Path to the JSON file
-
-    Returns:
-        Set of package names
-    """
-    with open(file_path, 'r') as f:
-        data = json.load(f)
-
-    package_names = set()
-    for app in data["apps"]:
-        package_names.add(app["info"]["package_name"])
-
-    return package_names
-
-
-def validate_json(file_path: str) -> bool:
-    """
-    Validates if a JSON file is correctly formatted by attempting to deserialize it.
-
-    Args:
-        file_path: Path to the JSON file to validate
-
-    Returns:
-        True if valid, False otherwise
-    """
-    try:
-        if not os.path.exists(file_path):
-            print(f"Error: File {file_path} does not exist")
-            return False
-
-        with open(file_path, 'r') as f:
-            json.load(f)
-        print(f"✅ JSON file {file_path} is valid")
-        return True
-    except json.JSONDecodeError as e:
-        print(f"❌ Invalid JSON in {file_path}: {str(e)}")
-        return False
-    except Exception as e:
-        print(f"❌ Error validating {file_path}: {str(e)}")
-        return False
-
-
-def find_duplicates(file1_path: str, file2_path: str) -> List[str]:
-    """
-    Checks for duplicate package_name entries between two JSON files.
-
-    Args:
-        file1_path: Path to the first JSON file
-        file2_path: Path to the second JSON file
-
-    Returns:
-        List of duplicate package names, empty list if none found
-    """
-    try:
-        # Get package names from both files
-        packages1 = get_package_names(file1_path)
-        packages2 = get_package_names(file2_path)
-
-        # Find duplicates
-        duplicates = list(packages1.intersection(packages2))
-
-        if duplicates:
-            print(f"❌ Found {len(duplicates)} duplicate package names between {file1_path} and {file2_path}:")
-            for dup in duplicates:
-                print(f"  - {dup}")
-            return duplicates
-        else:
-            print(f"✅ No duplicate package names found between {file1_path} and {file2_path}")
-            return []
-
-    except Exception as e:
-        print(f"❌ Error checking duplicates: {str(e)}")
-        return []
-
-
-def save_duplicates_to_file(duplicates: List[str], output_file: str) -> None:
-    """
-    Saves the list of duplicates to a file.
-
-    Args:
-        duplicates: List of duplicate package names
-        output_file: Path to save the list of duplicates
-    """
-    try:
-        with open(output_file, 'w') as f:
-            for dup in duplicates:
-                f.write(f"{dup}\n")
-        print(f"Duplicates saved to {output_file}")
-    except Exception as e:
-        print(f"❌ Error saving duplicates to file: {str(e)}")
-
-
-def main():
-    if len(sys.argv) < 2:
-        print("Usage:")
-        print("  Validate JSON: python validate_json.py validate <json_file>")
-        print("  Check duplicates: python validate_json.py duplicates <json_file1> <json_file2> [output_file]")
-        sys.exit(1)
-
-    command = sys.argv[1]
-
-    match command:
-        case "validate":
-            if len(sys.argv) < 3:
-                print("Error: Missing JSON file path")
-                sys.exit(1)
-
-            file_path = sys.argv[2]
-            success = validate_json(file_path)
-            sys.exit(0 if success else 1)
-
-        case "duplicates":
-            if len(sys.argv) < 4:
-                print("Error: Missing JSON file paths")
-                sys.exit(1)
-
-            file1_path = sys.argv[2]
-            file2_path = sys.argv[3]
-            output_file = sys.argv[4] if len(sys.argv) > 4 else "duplicates.txt"
-
-            duplicates = find_duplicates(file1_path, file2_path)
-            if duplicates:
-                save_duplicates_to_file(duplicates, output_file)
-
-            sys.exit(0)
-
-        case _:
-            print(f"Unknown command: {command}")
-            sys.exit(1)
-
-
-if __name__ == "__main__":
-    main()

.github/workflows/build-authenticator.yml

@@ -1,9 +1,9 @@
 name: Build Authenticator
 
 on:
-  push:
-    branches:
-      - main
+  # push:
+  #   branches:
+  #     - main
   workflow_dispatch:
     inputs:
       version-name:
@@ -29,33 +29,20 @@ env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   JAVA_VERSION: 17
 
-permissions:
-  contents: read
-  packages: read
-
 jobs:
   build:
     name: Build Authenticator
     runs-on: ubuntu-24.04
 
     steps:
-      - name: Log inputs to job summary
-        run: |
-          echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo '```json' >> $GITHUB_STEP_SUMMARY
-          echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
-          echo '```' >> $GITHUB_STEP_SUMMARY
-          echo "</details>" >> $GITHUB_STEP_SUMMARY
-
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 
       - name: Cache Gradle files
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ~/.gradle/caches
@@ -65,7 +52,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -74,13 +61,13 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
         with:
           bundler-cache: true
 
@@ -91,7 +78,7 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Check Authenticator
-        run: bundle exec fastlane check
+        run: bundle exec fastlane checkAuthenticator
 
       - name: Build Authenticator
         run: bundle exec fastlane buildAuthenticatorDebug
@@ -111,7 +98,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
         with:
           bundler-cache: true
 
@@ -122,7 +109,7 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Log in to Azure
-        uses: Azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
@@ -140,12 +127,6 @@ jobs:
           az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
           --name authenticator_aab-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks --output none
 
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name com.bitwarden.authenticator-google-services.json --file ${{ github.workspace }}/authenticator/src/google-services.json --output none
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name com.bitwarden.authenticator.dev-google-services.json --file ${{ github.workspace }}/authenticator/src/debug/google-services.json --output none
-
       - name: Download Firebase credentials
         if : ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
         env:
@@ -175,10 +156,10 @@ jobs:
           json_key:${{ github.workspace }}/secrets/authenticator_play_store-creds.json }}
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 
       - name: Cache Gradle files
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ~/.gradle/caches
@@ -188,7 +169,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -197,7 +178,7 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
@@ -237,7 +218,7 @@ jobs:
 
       - name: Upload release Play Store .aab artifact
         if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.bitwarden.authenticator.aab
           path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
@@ -245,7 +226,7 @@ jobs:
 
       - name: Upload release .apk artifact
         if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.bitwarden.authenticator.apk
           path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
@@ -265,7 +246,7 @@ jobs:
 
       - name: Upload .apk SHA file for release
         if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: authenticator-android-apk-sha256.txt
           path: ./authenticator-android-apk-sha256.txt
@@ -273,7 +254,7 @@ jobs:
 
       - name: Upload .aab SHA file for release
         if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: authenticator-android-aab-sha256.txt
           path: ./authenticator-android-aab-sha256.txt

.github/workflows/build.yml

@@ -30,33 +30,20 @@ env:
   JAVA_VERSION: 17
   GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
 
-permissions:
-  contents: read
-  packages: read
-
 jobs:
   build:
     name: Build
     runs-on: ubuntu-24.04
 
     steps:
-      - name: Log inputs to job summary
-        run: |
-          echo "<details><summary>Job Inputs</summary>" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo '```json' >> $GITHUB_STEP_SUMMARY
-          echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
-          echo '```' >> $GITHUB_STEP_SUMMARY
-          echo "</details>" >> $GITHUB_STEP_SUMMARY
-
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 
       - name: Cache Gradle files
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ~/.gradle/caches
@@ -66,7 +53,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -75,13 +62,13 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
         with:
           bundler-cache: true
 
@@ -98,7 +85,7 @@ jobs:
         run: bundle exec fastlane assembleDebugApks
 
       - name: Upload test reports on failure
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: failure()
         with:
           name: test-reports
@@ -119,7 +106,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
         with:
           bundler-cache: true
 
@@ -130,7 +117,7 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Log in to Azure
-        uses: Azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
@@ -170,10 +157,10 @@ jobs:
           --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 
       - name: Cache Gradle files
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ~/.gradle/caches
@@ -183,7 +170,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -192,7 +179,7 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
@@ -208,7 +195,7 @@ jobs:
 
       - name: Increment version
         run: |
-          DEFAULT_VERSION_CODE=$((11000+GITHUB_RUN_NUMBER))
+          DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER))
           bundle exec fastlane setBuildVersionInfo \
           versionCode:${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }} \
           versionName:${{ inputs.version-name }}
@@ -266,7 +253,7 @@ jobs:
 
       - name: Upload release Play Store .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.aab
           path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
@@ -274,7 +261,7 @@ jobs:
 
       - name: Upload beta Play Store .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.beta.aab
           path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
@@ -282,7 +269,7 @@ jobs:
 
       - name: Upload release .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.apk
           path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
@@ -290,7 +277,7 @@ jobs:
 
       - name: Upload beta .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.beta.apk
           path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
@@ -299,7 +286,7 @@ jobs:
       # When building variants other than 'prod'
       - name: Upload debug .apk artifact
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
           path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
@@ -337,7 +324,7 @@ jobs:
 
       - name: Upload .apk SHA file for release
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.apk-sha256.txt
           path: ./com.x8bit.bitwarden.apk-sha256.txt
@@ -345,7 +332,7 @@ jobs:
 
       - name: Upload .apk SHA file for beta
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.beta.apk-sha256.txt
           path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
@@ -353,7 +340,7 @@ jobs:
 
       - name: Upload .aab SHA file for release
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.aab-sha256.txt
           path: ./com.x8bit.bitwarden.aab-sha256.txt
@@ -361,7 +348,7 @@ jobs:
 
       - name: Upload .aab SHA file for beta
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.beta.aab-sha256.txt
           path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
@@ -369,7 +356,7 @@ jobs:
 
       - name: Upload .apk SHA file for debug
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
           path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
@@ -418,7 +405,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
         with:
           bundler-cache: true
 
@@ -429,7 +416,7 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Log in to Azure
-        uses: Azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
@@ -455,10 +442,10 @@ jobs:
           --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 
       - name: Cache Gradle files
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ~/.gradle/caches
@@ -468,7 +455,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -477,7 +464,7 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
@@ -494,7 +481,7 @@ jobs:
       # Start from 11000 to prevent collisions with mobile build version codes
       - name: Increment version
         run: |
-          DEFAULT_VERSION_CODE=$((11000+GITHUB_RUN_NUMBER))
+          DEFAULT_VERSION_CODE=$((11000+$GITHUB_RUN_NUMBER))
           VERSION_CODE="${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }}"
           bundle exec fastlane setBuildVersionInfo \
           versionCode:$VERSION_CODE \
@@ -528,7 +515,7 @@ jobs:
           keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"
 
       - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden-fdroid.apk
           path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
@@ -540,14 +527,14 @@ jobs:
           > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
 
       - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
           path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
           if-no-files-found: error
 
       - name: Upload F-Droid Beta .apk artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.beta-fdroid.apk
           path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
@@ -559,7 +546,7 @@ jobs:
           > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
 
       - name: Upload F-Droid Beta SHA file
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
           path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt

.github/workflows/cron-sync-google-priviledged-browsers.yml

@@ -1,98 +0,0 @@
-name: Cron / Sync Google Privileged Browsers List
-
-on:
-  schedule:
-    # Run weekly on Monday at 00:00 UTC
-    - cron: '0 0 * * 1'
-  workflow_dispatch:
-
-env:
-  SOURCE_URL: https://www.gstatic.com/gpm-passkeys-privileged-apps/apps.json
-  GOOGLE_FILE: app/src/main/assets/fido2_privileged_google.json
-  COMMUNITY_FILE: app/src/main/assets/fido2_privileged_community.json
-
-jobs:
-  sync-privileged-browsers:
-    name: Sync Google Privileged Browsers List
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
-
-      - name: Download Google Privileged Browsers List
-        run: curl -s $SOURCE_URL -o $GOOGLE_FILE
-
-      - name: Check for changes
-        id: check-changes
-        run: |
-          if git diff --quiet -- $GOOGLE_FILE; then
-            echo "👀 No changes detected, skipping..."
-            echo "has_changes=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          echo "has_changes=true" >> $GITHUB_OUTPUT
-          echo "👀 Changes detected, validating fido2_privileged_google.json..."
-
-          python .github/scripts/validate-json/validate_json.py validate $GOOGLE_FILE
-          if [ $? -ne 0 ]; then
-            echo "::error::JSON validation failed for $GOOGLE_FILE"
-            exit 1
-          fi
-
-          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."
-
-          # Check for duplicates between Google and Community files
-          python .github/scripts/validate-json/validate_json.py duplicates $GOOGLE_FILE $COMMUNITY_FILE duplicates.txt
-
-          if [ -f duplicates.txt ]; then
-            echo "::warning::Duplicate package names found between Google and Community files."
-            echo "duplicates_found=true" >> $GITHUB_OUTPUT
-          else
-            echo "✅ No duplicate package names found between Google and Community files"
-            echo "duplicates_found=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Create branch and commit
-        if: steps.check-changes.outputs.has_changes == 'true'
-        run: |
-          echo "👀 Committing fido2_privileged_google.json..."
-
-          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
-          git config user.name "GitHub Actions Bot"
-          git config user.email "actions@github.com"
-          git checkout -b $BRANCH_NAME
-          git add $GOOGLE_FILE
-          git commit -m "Update Google privileged browsers list"
-          git push origin $BRANCH_NAME
-          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
-          echo "🌱 Branch created: $BRANCH_NAME"
-
-      - name: Create Pull Request
-        if: steps.check-changes.outputs.has_changes == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DUPLICATES_FOUND: ${{ steps.check-changes.outputs.duplicates_found }}
-          BASE_PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/
-        run: |
-          PR_BODY="Updates the Google privileged browsers list with the latest data from $SOURCE_URL"
-
-          if [ "$DUPLICATES_FOUND" = "true" ]; then
-            PR_BODY="$PR_BODY\n\n> [!WARNING]\n> :suspect: The following package(s) appear in both Google and Community files:"
-            while IFS= read -r line; do
-              PR_BODY="$PR_BODY\n> - $line"
-            done < duplicates.txt
-          fi
-
-          # Use echo -e to interpret escape sequences and pipe to gh pr create
-          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
-            --title "Update Google privileged browsers list" \
-            --body-file - \
-            --base main \
-            --head $BRANCH_NAME \
-            --label "automated-pr" \
-            --label "t:ci")

.github/workflows/crowdin-pull-authenticator.yml

@@ -0,0 +1,55 @@
+name: Crowdin Sync - Authenticator
+
+on:
+  workflow_dispatch:
+  # schedule:
+  #   - cron: '0 0 * * 5'
+
+jobs:
+  crowdin-sync:
+    name: Autosync
+    runs-on: ubuntu-24.04
+    env:
+      _CROWDIN_PROJECT_ID: "673718"
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Log in to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BW_GHAPP_ID }}
+          private-key: ${{ secrets.BW_GHAPP_KEY }}
+
+      - name: Download translations
+        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
+        with:
+          config: crowdin-bwa.yml
+          upload_sources: false
+          upload_translations: false
+          download_translations: true
+          github_user_name: "bitwarden-devops-bot"
+          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          commit_message: "Autosync the updated translations"
+          localization_branch_name: crowdin-auto-sync
+          create_pull_request: true
+          pull_request_title: "Autosync Crowdin Translations"
+          pull_request_body: "Autosync the updated translations"
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

.github/workflows/crowdin-pull.yml

@@ -1,35 +1,23 @@
-name: Cron / Crowdin Pull
-run-name: Crowdin Pull - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'Scheduled' }}
+name: Crowdin Sync
 
 on:
   workflow_dispatch:
+    inputs: {}
   schedule:
     - cron: '0 0 * * 5'
 
 jobs:
   crowdin-sync:
-    name: Crowdin Pull - ${{ matrix.name }} - ${{ github.event_name }}
+    name: Autosync
     runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      pull-requests: write
-    strategy:
-      matrix:
-        include:
-          - name: Password Manager
-            project_id: 269690
-            config: crowdin-bwpm.yml
-            branch: crowdin-pull-bwpm
-          - name: Authenticator
-            project_id: 673718
-            config: crowdin-bwa.yml
-            branch: crowdin-pull-bwa
+    env:
+      _CROWDIN_PROJECT_ID: "269690"
     steps:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure - CI Subscription
-        uses: Azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
@@ -41,29 +29,28 @@ jobs:
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Generate GH App token
-        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
         id: app-token
         with:
           app-id: ${{ secrets.BW_GHAPP_ID }}
           private-key: ${{ secrets.BW_GHAPP_KEY }}
 
-      - name: Download translations for ${{ matrix.name }}
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
+      - name: Download translations
+        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
-          _CROWDIN_PROJECT_ID: ${{ matrix.project_id }}
         with:
-          config: ${{ matrix.config }}
+          config: crowdin.yml
           upload_sources: false
           upload_translations: false
           download_translations: true
           github_user_name: "bitwarden-devops-bot"
           github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          commit_message: "Crowdin Pull - ${{ matrix.name }}"
-          localization_branch_name: ${{ matrix.branch }}
+          commit_message: "Autosync the updated translations"
+          localization_branch_name: crowdin-auto-sync
           create_pull_request: true
-          pull_request_title: "Crowdin Pull - ${{ matrix.name }}"
-          pull_request_body: ":inbox_tray: New translations for ${{ matrix.name }} received!"
+          pull_request_title: "Autosync Crowdin Translations"
+          pull_request_body: "Autosync the updated translations"
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

.github/workflows/crowdin-push-authenticator.yml

@@ -0,0 +1,30 @@
+name: Crowdin Push - Authenticator
+
+on:
+  workflow_dispatch:
+  # push:
+  #   branches:
+  #     - "main"
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  JAVA_VERSION: 17
+
+jobs:
+  crowdin-push:
+    name: Crowdin Push
+    runs-on: ubuntu-24.04
+    env:
+      _CROWDIN_PROJECT_ID: "673718"
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Upload sources
+        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
+        with:
+          config: crowdin-bwa.yml
+          upload_sources: true
+          upload_translations: false

.github/workflows/crowdin-push.yml

@@ -1,24 +1,23 @@
-name: CI / Crowdin Push
-run-name: Crowdin Push - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'CI' }}
+name: Crowdin Push
 
 on:
   workflow_dispatch:
   push:
     branches:
-      - main
+      - "main"
 
 jobs:
   crowdin-push:
-    name: Crowdin Push - ${{ github.event_name }}
+    name: Crowdin Push
     runs-on: ubuntu-24.04
-    permissions:
-      contents: read
+    env:
+      _CROWDIN_PROJECT_ID: "269690"
     steps:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Log in to Azure
-        uses: Azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
         with:
           creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
@@ -29,24 +28,12 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token"
 
-      - name: Upload sources for Password Manager
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
+      - name: Upload sources
+        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
-          _CROWDIN_PROJECT_ID: "269690"
         with:
-          config: crowdin-bwpm.yml
-          upload_sources: true
-          upload_translations: false
-
-      - name: Upload sources for Authenticator
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
-          _CROWDIN_PROJECT_ID: "673718"
-        with:
-          config: crowdin-bwa.yml
+          config: crowdin.yml
           upload_sources: true
           upload_translations: false

.github/workflows/github-release.yml

@@ -3,24 +3,45 @@ name: Create GitHub Release
 on:
   workflow_dispatch:
     inputs:
+      version-name:
+        description: 'Version Name - E.g. "2024.11.1"'
+        required: true
+        type: string
+      version-number:
+        description: 'Version Number - E.g. "123456"'
+        required: true
+        type: string
       artifact-run-id:
         description: 'GitHub Action Run ID containing artifacts'
         required: true
         type: string
-      release-ticket-id:
-        description: 'Release Ticket ID - e.g. RELEASE-1762'
-        required: true
-        type: string
-
+      draft:
+        description: 'Create as draft release'
+        type: boolean
+        default: true
+      prerelease:
+        description: 'Mark as pre-release'
+        type: boolean
+        default: true
+      make-latest:
+        description: 'Set as the latest release'
+        type: boolean
+      branch-protection-type:
+        description: 'Branch protection type'
+        type: choice
+        options:
+          - Branch Name
+          - GitHub API
+        default: Branch Name
 env:
     ARTIFACTS_PATH: artifacts
-
 jobs:
   create-release:
     name: Create GitHub Release
     runs-on: ubuntu-24.04
     permissions:
       contents: write
+      actions: read
 
     steps:
       - name: Check out repository
@@ -33,74 +54,31 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
+          BRANCH_PROTECTION_TYPE: ${{ inputs.branch-protection-type }}
         run: |
-          workflow_data=$(gh run view $ARTIFACT_RUN_ID --json headBranch,workflowName)
-          release_branch=$(echo "$workflow_data" | jq -r .headBranch)
-          workflow_name=$(echo "$workflow_data" | jq -r .workflowName)
+          release_branch=$(gh run view $ARTIFACT_RUN_ID --json headBranch -q .headBranch)
 
-          # branch protection check
-          if [[ "$release_branch" != "main" && ! "$release_branch" =~ ^release/ ]]; then
-            echo "::error::Branch '$release_branch' is not 'main' or a release branch starting with 'release/'. Releases must be created from protected branches."
-            exit 1
-          fi
-
-          echo "release_branch=$release_branch" >> $GITHUB_OUTPUT
-          echo "workflow_name=$workflow_name" >> $GITHUB_OUTPUT
-
-          case "$workflow_name" in
-            *"Password Manager"* | "Build")
-              echo "app_name=Password Manager" >> $GITHUB_OUTPUT
-              echo "app_name_suffix=bwpm" >> $GITHUB_OUTPUT
+          case "$BRANCH_PROTECTION_TYPE" in
+            "Branch Name")
+              if [[ "$release_branch" != "main" && ! "$release_branch" =~ ^release/ ]]; then
+                echo "::error::Branch '$release_branch' is not 'main' or a release branch starting with 'release/'. Releases must be created from protected branches."
+                exit 1
+              fi
               ;;
-            *"Authenticator"*)
-              echo "app_name=Authenticator" >> $GITHUB_OUTPUT
-              echo "app_name_suffix=bwa" >> $GITHUB_OUTPUT
+            "GitHub API")
+              #NOTE requires token with "administration:read" scope
+              if ! gh api "repos/${{ github.repository }}/branches/$release_branch/protection" | grep -q "required_status_checks"; then
+                echo "::error::Branch '$release_branch' is not protected. Releases must be created from protected branches. If that's not correct, confirm if the github token user has the 'administration:read' scope."
+                exit 1
+              fi
               ;;
             *)
-              echo "::error::Unknown workflow name: $workflow_name"
+              echo "::error::Unsupported branch protection type: $BRANCH_PROTECTION_TYPE"
               exit 1
               ;;
           esac
 
-      - name: Get version info from run logs and set release tag name
-        id: get_release_info
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
-          _APP_NAME_SUFFIX: ${{ steps.get_release_branch.outputs.app_name_suffix }}
-        run: |
-          workflow_log=$(gh run view $ARTIFACT_RUN_ID --log)
-
-          version_number_with_trailing_dot=$(grep -m 1 "Setting version code to" <<< "$workflow_log" | sed 's/.*Setting version code to //')
-          version_number=${version_number_with_trailing_dot%.} # remove trailing dot
-
-          version_name_with_trailing_dot=$(grep -m 1 "Setting version name to" <<< "$workflow_log" | sed 's/.*Setting version name to //')
-          version_name=${version_name_with_trailing_dot%.} # remove trailing dot
-
-          if [[ -z "$version_name" ]]; then
-            echo "::warning::Version name not found. Using default value - 0.0.0"
-            version_name="0.0.0"
-          else
-            echo "✅ Found version name: $version_name"
-          fi
-
-          if [[ -z "$version_number" ]]; then
-            echo "::warning::Version number not found. Using default value - 0"
-            version_number="0"
-          else
-            echo "✅ Found version number: $version_number"
-          fi
-
-          echo "version_number=$version_number" >> $GITHUB_OUTPUT
-          echo "version_name=$version_name" >> $GITHUB_OUTPUT
-
-          tag_name="v$version_name-$_APP_NAME_SUFFIX" # e.g. v2025.6.0-bwpm
-          echo "🔖 New tag name: $tag_name"
-          echo "tag_name=$tag_name" >> $GITHUB_OUTPUT
-
-          last_release_tag=$(git tag -l --sort=-authordate | grep "$APP_NAME_SUFFIX" | head -n 1)
-          echo "🔖 Last release tag: $last_release_tag"
-          echo "last_release_tag=$last_release_tag" >> $GITHUB_OUTPUT
+          echo "release_branch=$release_branch" >> $GITHUB_OUTPUT
 
       - name: Download artifacts
         env:
@@ -115,106 +93,37 @@ jobs:
             find $ARTIFACTS_PATH -type f
           fi
 
-      - name: Get product release notes
-        id: get_release_notes
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
-          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
-          _RELEASE_TICKET_ID: ${{ inputs.release-ticket-id }}
-          _JIRA_API_EMAIL: ${{ secrets.JIRA_API_EMAIL }}
-          _JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
-        run: |
-          echo "Getting product release notes"
-          product_release_notes=$(python3 .github/scripts/jira-get-release-notes/jira_release_notes.py $_RELEASE_TICKET_ID $_JIRA_API_EMAIL $_JIRA_API_TOKEN)
-
-          if [[ -z "$product_release_notes" || $product_release_notes == "Error checking"* ]]; then
-            echo "::warning::Failed to fetch release notes from Jira. Output: $product_release_notes"
-            product_release_notes="<insert product release notes here>"
-          else
-            echo "✅ Product release notes:"
-            echo "$product_release_notes"
-          fi
-
-          echo "$product_release_notes" > product_release_notes.txt
-
       - name: Create Release
         id: create_release
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          _APP_NAME: ${{ steps.get_release_branch.outputs.app_name }}
-          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
-          _VERSION_NUMBER: ${{ steps.get_release_info.outputs.version_number }}
-          _TARGET_COMMIT: ${{ steps.get_release_branch.outputs.release_branch }}
-          _TAG_NAME: ${{ steps.get_release_info.outputs.tag_name }}
-          _LAST_RELEASE_TAG: ${{ steps.get_release_info.outputs.last_release_tag }}
-        run: |
-          echo "⌛️ Creating release for $_APP_NAME $_VERSION_NAME ($_VERSION_NUMBER) on $_TARGET_COMMIT"
-          release_url=$(gh release create "$_TAG_NAME" \
-            --title "$_APP_NAME $_VERSION_NAME ($_VERSION_NUMBER)" \
-            --target "$_TARGET_COMMIT" \
-            --generate-notes \
-            --notes-start-tag "$_LAST_RELEASE_TAG" \
-            --draft \
-            $ARTIFACTS_PATH/*/*)
-
-          echo "✅ Release created: $release_url"
-
-          # Get release info for outputs
-          release_data=$(gh release view "$_TAG_NAME" --json id)
-          release_id=$(echo "$release_data" | jq -r .id)
-
-          echo "id=$release_id" >> $GITHUB_OUTPUT
-          echo "url=$release_url" >> $GITHUB_OUTPUT
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
+        with:
+          tag_name: "v${{ inputs.version-name }}"
+          name: "${{ inputs.version-name }} (${{ inputs.version-number }})"
+          prerelease: ${{ inputs.prerelease }}
+          draft: ${{ inputs.draft }}
+          make_latest: ${{ inputs.make-latest }}
+          target_commitish: ${{ steps.get_release_branch.outputs.release_branch }}
+          generate_release_notes: true
+          files: |
+            artifacts/**/*
 
       - name: Update Release Description
-        id: update_release_description
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_ID: ${{ steps.create_release.outputs.id }}
+          RELEASE_URL: ${{ steps.create_release.outputs.url }}
           ARTIFACT_RUN_ID: ${{ inputs.artifact-run-id }}
-          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
-          _TAG_NAME: ${{ steps.get_release_info.outputs.tag_name }}
         run: |
-          echo "Getting current release body. Tag: $_TAG_NAME"
-          current_body=$(gh release view "$_TAG_NAME" --json body --jq .body)
+          # Get current release body
+          current_body=$(gh api /repos/${{ github.repository }}/releases/$RELEASE_ID --jq .body)
 
-          product_release_notes=$(cat product_release_notes.txt)
-
-          # Update release description with product release notes and builds source
-          updated_body="# Overview
-          ${product_release_notes}
-
-          ${current_body}
+          # Append build source to the end
+          updated_body="${current_body}
           **Builds Source:** https://github.com/${{ github.repository }}/actions/runs/$ARTIFACT_RUN_ID"
 
-          new_release_url=$(gh release edit "$_TAG_NAME" --notes "$updated_body")
+          # Update release
+          gh api --method PATCH /repos/${{ github.repository }}/releases/$RELEASE_ID \
+            -f body="$updated_body"
 
-          # draft release links change after editing
-          echo "release_url=$new_release_url" >> $GITHUB_OUTPUT
-
-      - name: Add Release Summary
-        env:
-          _RELEASE_TAG: ${{ steps.get_release_info.outputs.tag_name }}
-          _LAST_RELEASE_TAG: ${{ steps.get_release_info.outputs.last_release_tag }}
-          _VERSION_NAME: ${{ steps.get_release_info.outputs.version_name }}
-          _VERSION_NUMBER: ${{ steps.get_release_info.outputs.version_number }}
-          _RELEASE_BRANCH: ${{ steps.get_release_branch.outputs.release_branch }}
-          _RELEASE_URL: ${{ steps.update_release_description.outputs.release_url }}
-        run: |
-          echo "# :fish_cake: Release ready at:" >> $GITHUB_STEP_SUMMARY
-          echo "$_RELEASE_URL" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          if [[ "$_VERSION_NAME" == "0.0.0" || "$_VERSION_NUMBER" == "0" ]]; then
-            echo "> [!CAUTION]" >> $GITHUB_STEP_SUMMARY
-            echo "> Version name or number wasn't previously found and a default value was used. You'll need to manually update the release Title, Tag and Description, specifically, the "Full Changelog" link." >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-          fi
-
-          echo ":clipboard: Confirm that the defined GitHub Release options are correct:"  >> $GITHUB_STEP_SUMMARY
-          echo " * :bookmark: New tag name: \`$_RELEASE_TAG\`" >> $GITHUB_STEP_SUMMARY
-          echo " * :palm_tree: Target branch: \`$_RELEASE_BRANCH\`" >> $GITHUB_STEP_SUMMARY
-          echo " * :ocean: Previous tag set in the description \"Full Changelog\" link: \`$_LAST_RELEASE_TAG\`" >> $GITHUB_STEP_SUMMARY
-          echo " * :white_check_mark: Description has automated release notes and they match the commits in the release branch" >> $GITHUB_STEP_SUMMARY
-          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
-          echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes." >> $GITHUB_STEP_SUMMARY
+          echo "# :rocket: Release ready at:" >> $GITHUB_STEP_SUMMARY
+          echo "$RELEASE_URL" >> $GITHUB_STEP_SUMMARY

.github/workflows/publish-github-release.yml

@@ -1,14 +0,0 @@
-name: Publish GitHub Release as newest
-
-on:
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  stub:
-    runs-on: ubuntu-24.04
-    name: Stub
-    steps:
-      - name: Stub
-        run: echo "This is a stub job to trigger the workflow."

.github/workflows/publish-store.yml

@@ -1,16 +0,0 @@
-
-name: Publish
-
-on:
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-    publish:
-      runs-on: ubuntu-24.04
-      name: Promote build to Production in Play Store
-
-      steps:
-        - name: TEST STEP
-          run: exit 0

.github/workflows/scan-authenticator.yml

@@ -0,0 +1,76 @@
+name: Scan Authenticator
+
+on:
+  workflow_dispatch:
+  # push:
+  #   branches:
+  #     - "main"
+  #     - "rc"
+  #     - "hotfix-rc"
+  # pull_request_target:
+  #   types: [opened, synchronize]
+
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+
+  sast:
+    name: SAST scan
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{  github.event.pull_request.head.sha }}
+
+      - name: Scan with Checkmarx
+        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        env:
+          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
+        with:
+          project_name: ${{ github.repository }}
+          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
+          base_uri: https://ast.checkmarx.net/
+          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+          additional_params: |
+            --report-format sarif \
+            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
+            --output-path . ${{ env.INCREMENTAL }}
+
+      - name: Upload Checkmarx results to GitHub
+        uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2
+        with:
+          sarif_file: cx_result.sarif
+
+  quality:
+    name: Quality scan
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          ref: ${{  github.event.pull_request.head.sha }}
+
+      - name: Scan with SonarCloud
+        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=${{ github.repository_owner }}
+            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/scan-ci.yml

@@ -21,7 +21,7 @@ jobs:
           fetch-depth: 0
 
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
+        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
         with:
           project_name: ${{ github.repository }}
           cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
@@ -34,7 +34,7 @@ jobs:
             --output-path .
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: cx_result.sarif
 
@@ -51,10 +51,11 @@ jobs:
           fetch-depth: 0
 
       - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5.1.0
+        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
           args: >
             -Dsonar.organization=${{ github.repository_owner }}
             -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/scan.yml

@@ -2,23 +2,13 @@ name: Scan Pull Requests
 
 on:
   workflow_dispatch:
-  pull_request:
-    types: [opened, synchronize, reopened]
-    branches-ignore:
-      - main
   pull_request_target:
-    types: [opened, synchronize, reopened]
-    branches:
-      - main
-
-permissions: {}
+    types: [opened, synchronize]
 
 jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-    permissions:
-      contents: read
 
   sast:
     name: SAST scan
@@ -36,7 +26,7 @@ jobs:
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
+        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
         env:
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
         with:
@@ -51,11 +41,9 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
 
   quality:
     name: Quality scan
@@ -73,7 +61,7 @@ jobs:
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5.1.0
+        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:

.github/workflows/test-authenticator.yml

@@ -0,0 +1,84 @@
+name: Test Authenticator
+
+on:
+  # push:
+  #   branches:
+  #     - "main"
+  #     - "rc"
+  #     - "hotfix-rc"
+  # pull_request_target:
+  #   types: [opened, synchronize]
+  workflow_dispatch:
+
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  JAVA_VERSION: 17
+
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+
+  test:
+    name: Test
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      packages: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{  github.event.pull_request.head.sha }}
+
+      - name: Validate Gradle wrapper
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+
+      - name: Cache Gradle files
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-v2-
+
+      - name: Cache build output
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: |
+            ${{ github.workspace }}/build-cache
+          key: ${{ runner.os }}-build-cache-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-build-
+
+      - name: Configure Ruby
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        with:
+          bundler-cache: true
+
+      - name: Configure JDK
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        with:
+          distribution: "temurin"
+          java-version: ${{ env.JAVA_VERSION }}
+
+      - name: Install Fastlane
+        run: |
+          gem install bundler:2.2.27
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+
+      - name: Build and test Authenticator
+        run: |
+          bundle exec fastlane checkAuthenticator
+
+      - name: Upload to codecov.io
+        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+        with:
+          files: authenticator/build/reports/kover/reportDebug.xml

.github/workflows/test-device.yml

@@ -1,16 +0,0 @@
-name: Test Device
-
-on:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    name: Test Device
-    runs-on: ubuntu-24.04
-
-    steps:
-    - name: Placeholder step
-      run: echo "Placeholder workflow step"

.github/workflows/test.yml

@@ -9,7 +9,7 @@ on:
   pull_request:
     types: [opened, synchronize]
   merge_group:
-    types: [checks_requested]
+    type: [checks_requested]
   workflow_dispatch:
 
 env:
@@ -23,17 +23,16 @@ jobs:
     runs-on: ubuntu-24.04
     permissions:
       packages: read
-      pull-requests: write
 
     steps:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 
       - name: Cache Gradle files
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ~/.gradle/caches
@@ -43,7 +42,7 @@ jobs:
             ${{ runner.os }}-gradle-v2-
 
       - name: Cache build output
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: |
             ${{ github.workspace }}/build-cache
@@ -52,12 +51,12 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
+        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
         with:
           bundler-cache: true
 
       - name: Configure JDK
-        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           distribution: "temurin"
           java-version: ${{ env._JAVA_VERSION }}
@@ -75,30 +74,40 @@ jobs:
           bundle exec fastlane check
 
       - name: Upload test reports
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: always()
         with:
           name: test-reports
           path: |
-            build/reports/kover/reportMergedCoverage.xml
             app/build/reports/tests/
-            authenticator/build/reports/tests/
-            authenticatorbridge/build/reports/tests/
-            core/build/reports/tests/
-            data/build/reports/tests/
-            network/build/reports/tests/
-            ui/build/reports/tests/
+            app/build/reports/kover/reportStandardDebug.xml
+
+  report:
+    name: Process Test Reports
+    needs: test
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    if: success()
+
+    steps:
+      - name: Download test artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        if: github.event_name == 'push' || github.event_name == 'pull_request'
+        with:
+          name: test-reports
 
       - name: Upload to codecov.io
         id: upload-to-codecov
-        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
         if: github.event_name == 'push' || github.event_name == 'pull_request'
         continue-on-error: true
         with:
           os: linux
-          files: build/reports/kover/reportMergedCoverage.xml
+          files: kover/reportStandardDebug.xml
           fail_ci_if_error: true
-          disable_search: true
 
       - name: Comment PR if tests failed
         if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')
@@ -110,7 +119,7 @@ jobs:
           echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
           echo "> Uploading code coverage report failed. Please check the \"Upload to codecov.io\" step of \"Process Test Reports\" job for more details." >> $GITHUB_STEP_SUMMARY
 
-          if [ -n "$PR_NUMBER" ]; then
+          if [ ! -z "$PR_NUMBER" ]; then
             message=$'> [!WARNING]\n> @'$RUN_ACTOR' Uploading code coverage report failed. Please check the "Upload to codecov.io" step of [Process Test Reports job]('$_GITHUB_ACTION_RUN_URL') for more details.'
             gh pr comment --repo $GITHUB_REPOSITORY $PR_NUMBER --body "$message"
           fi

.gitignore

@@ -25,13 +25,5 @@ user.properties
 
 # Secrets
 /keystores/*.jks
-/app/src/standardBeta/google-services.json
+/app/src/standardDebug/google-services.json
 /app/src/standardRelease/google-services.json
-/authenticator/src/google-services.json
-
-# Python
-.python-version
-__pycache__/
-
-# Generated by .github/scripts/validate-json/validate-json.py
-duplicates.txt

.husky/pre-commit

@@ -1 +0,0 @@
-npx lint-staged

Gemfile.lock

@@ -9,26 +9,24 @@ GEM
       public_suffix (>= 2.0.2, < 7.0)
     artifactory (3.0.17)
     atomos (0.1.3)
-    aws-eventstream (1.4.0)
-    aws-partitions (1.1125.0)
-    aws-sdk-core (3.226.2)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.1040.0)
+    aws-sdk-core (3.216.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
-      base64
       jmespath (~> 1, >= 1.6.1)
-      logger
-    aws-sdk-kms (1.106.0)
-      aws-sdk-core (~> 3, >= 3.225.0)
+    aws-sdk-kms (1.97.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.192.0)
-      aws-sdk-core (~> 3, >= 3.225.0)
+    aws-sdk-s3 (1.178.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.12.1)
+    aws-sigv4 (1.11.0)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
-    base64 (0.3.0)
+    base64 (0.2.0)
     claide (1.1.0)
     colored (1.2)
     colored2 (3.1.2)
@@ -36,7 +34,7 @@ GEM
       highline (~> 2.0.0)
     date (3.4.1)
     declarative (0.0.20)
-    digest-crc (0.7.0)
+    digest-crc (0.6.5)
       rake (>= 12.0.0, < 14.0.0)
     domain_name (0.6.20240107)
     dotenv (2.8.1)
@@ -58,10 +56,10 @@ GEM
       faraday (>= 0.8.0)
       http-cookie (~> 1.0.0)
     faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.1)
+    faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.1.1)
+    faraday-multipart (1.1.0)
       multipart-post (~> 2.0)
     faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
@@ -71,7 +69,7 @@ GEM
     faraday_middleware (1.2.1)
       faraday (~> 1.0)
     fastimage (2.4.0)
-    fastlane (2.228.0)
+    fastlane (2.226.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -111,9 +109,9 @@ GEM
       tty-spinner (>= 0.8.0, < 1.0.0)
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.4.1)
+      xcpretty (~> 0.4.0)
       xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
-    fastlane-plugin-firebase_app_distribution (0.10.1)
+    fastlane-plugin-firebase_app_distribution (0.10.0)
       google-apis-firebaseappdistribution_v1 (~> 0.3.0)
       google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
     fastlane-sirp (1.0.0)
@@ -139,12 +137,12 @@ GEM
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-storage_v1 (0.31.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-cloud-core (1.8.0)
+    google-cloud-core (1.7.1)
       google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
       faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.5.0)
+    google-cloud-errors (1.4.0)
     google-cloud-storage (1.47.0)
       addressable (~> 2.8)
       digest-crc (~> 0.4)
@@ -162,37 +160,34 @@ GEM
     highline (2.0.3)
     http-cookie (1.0.8)
       domain_name (~> 0.5)
-    httpclient (2.9.0)
-      mutex_m
+    httpclient (2.8.3)
     jmespath (1.6.2)
-    json (2.12.2)
-    jwt (2.10.2)
+    json (2.9.1)
+    jwt (2.10.1)
       base64
-    logger (1.7.0)
     mini_magick (4.13.2)
     mini_mime (1.1.5)
     multi_json (1.15.0)
     multipart-post (2.4.1)
-    mutex_m (0.3.0)
     nanaimo (0.4.0)
-    naturally (2.3.0)
+    naturally (2.2.1)
     nkf (0.2.0)
     optparse (0.6.0)
     os (1.1.4)
     plist (3.7.2)
-    public_suffix (6.0.2)
-    rake (13.3.0)
+    public_suffix (6.0.1)
+    rake (13.2.1)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.4.1)
+    rexml (3.4.0)
     rouge (3.28.0)
     ruby2_keywords (0.0.5)
     rubyzip (2.4.1)
     security (0.1.5)
-    signet (0.20.0)
+    signet (0.19.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
@@ -221,7 +216,7 @@ GEM
       colored2 (~> 3.1)
       nanaimo (~> 0.4.0)
       rexml (>= 3.3.6, < 4.0)
-    xcpretty (0.4.1)
+    xcpretty (0.4.0)
       rouge (~> 3.28.0)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
@@ -238,4 +233,4 @@ RUBY VERSION
    ruby 3.3.1p55
 
 BUNDLED WITH
-   2.6.6
+   2.5.9

README-bwa.md

@@ -1,61 +0,0 @@
-[![Github Workflow build on main](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml/badge.svg?branch=main)](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml?query=branch:main)
-[![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
-
-# Bitwarden Authenticator Android App
-
-<a href="https://play.google.com/store/apps/details?id=com.bitwarden.authenticator" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a>
-
-Bitwarden Authenticator allows you easily store and generate two-factor authentication codes on your device. The Bitwarden Authenticator Android application is written in Kotlin.
-
-<img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/authenticator-android-codes.png" alt="" width="325" height="650" />
-
-## Compatibility
-
-- **Minimum SDK**: 28
-- **Target SDK**: 34
-- **Device Types Supported**: Phone and Tablet
-- **Orientations Supported**: Portrait and Landscape
-
-## Setup
-
-
-1. Clone the repository:
-
-    ```sh
-    $ git clone https://github.com/bitwarden/authenticator-android
-    ```
-
-2. Create a `user.properties` file in the root directory of the project and add the following properties:
-
-    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
-
-3. Setup the code style formatter:
-
-    All code must follow the guidelines described in the [Code Style Guidelines document](docs/STYLE_AND_BEST_PRACTICES.md). To aid in adhering to these rules, all contributors should apply `docs/bitwarden-style.xml` as their code style scheme. In IntelliJ / Android Studio:
-
-    - Navigate to `Preferences > Editor > Code Style`.
-    - Hit the `Manage` button next to `Scheme`.
-    - Select `Import`.
-    - Find the `bitwarden-style.xml` file in the project's `docs/` directory.
-    - Import "from" `BitwardenStyle` "to" `BitwardenStyle`.
-    - Hit `Apply` and `OK` to save the changes and exit Preferences.
-
-    Note that in some cases you may need to restart Android Studio for the changes to take effect.
-
-    All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
-
-    - Select `Edit > Macros > Start Macro Recording`
-    - Select `Code > Optimize Imports`
-    - Select `Code > Reformat Code`
-    - Select `File > Save All`
-    - Select `Edit > Macros > Stop Macro Recording`
-
-    This can then be mapped to a set of keys by navigating to `Android Studio > Preferences` and editing the macro under `Keymap` (ex : shift + command + s).
-
-    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
-
-## Contribute
-
-Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
-
-Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.

README.md

@@ -4,7 +4,6 @@
 
 - [Compatibility](#compatibility)
 - [Setup](#setup)
-- [Theme](#theme)
 - [Dependencies](#dependencies)
 
 ## Compatibility
@@ -16,6 +15,7 @@
 
 ## Setup
 
+
 1. Clone the repository:
 
     ```sh
@@ -52,46 +52,12 @@
 
     Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
 
-4. Setup JDK `Version` `17`:
-
-    - Navigate to `Preferences > Build, Execution, Deployment > Build Tools > Gradle`.
-    - Hit the selected Gradle JDK next to `Gradle JDK:`.
-    - Select a `17.x` version or hit `Download JDK...` if not present.
-    - Select `Version` `17`.
-    - Select your preferred `Vendor`.
-    - Hit `Download`.
-    - Hit `Apply`.
-
-## Theme
-
-### Icons & Illustrations
-
-The app supports light mode, dark mode and dynamic colors. Most icons in the app will display correctly using tinting but multi-tonal icons and illustrations require extra processing in order to be displayed properly with dynamic colors.
-
-All illustrations and multi-tonal icons require the svg paths to be tagged with the `name` attribute in order for each individual path to be tinted the appropriate color. Any untagged path will not be tinted and the resulting image will be incorrect.
-
-The supported tags are as follows:
-
-* outline
-* primary
-* secondary
-* tertiary
-* accent
-* logo
-* navigation
-* navigationActiveAccent
-
 ## Dependencies
 
 ### Application Dependencies
 
 The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.
 
-- **AndroidX Activity**
-    - https://developer.android.com/jetpack/androidx/releases/activity
-    - Purpose: Allows access composable APIs built on top of Activity.
-    - License: Apache 2.0
-
 - **AndroidX Appcompat**
     - https://developer.android.com/jetpack/androidx/releases/appcompat
     - Purpose: Allows access to new APIs on older API versions.
@@ -112,7 +78,7 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Displays webpages with the user's default browser.
     - License: Apache 2.0
 
-- **AndroidX Camera**
+- **AndroidX CameraX Camera2**
     - https://developer.android.com/jetpack/androidx/releases/camera
     - Purpose: Display and capture images for barcode scanning.
     - License: Apache 2.0
@@ -122,9 +88,9 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: A Kotlin-based declarative UI framework.
     - License: Apache 2.0
 
-- **AndroidX Core**
+- **AndroidX Core SplashScreen**
     - https://developer.android.com/jetpack/androidx/releases/core
-    - Purpose: Backwards compatible platform features and APIs.
+    - Purpose: Backwards compatible SplashScreen API implementation.
     - License: Apache 2.0
 
 - **AndroidX Credentials**
@@ -137,11 +103,6 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Lifecycle aware components and tooling.
     - License: Apache 2.0
 
-- **AndroidX Navigation**
-    - https://developer.android.com/jetpack/androidx/releases/navigation
-    - Purpose: Provides a consistent API for navigating between Android components.
-    - License: Apache 2.0
-
 - **AndroidX Room**
     - https://developer.android.com/jetpack/androidx/releases/room
     - Purpose: A convenient SQLite-based persistence layer for Android.
@@ -162,6 +123,21 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Dependency injection framework.
     - License: Apache 2.0
 
+- **Firebase Cloud Messaging**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: Allows for push notification support. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
+    - License: Apache 2.0
+
+- **Firebase Crashlytics**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: SDK for crash and non-fatal error reporting. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
+    - License: Apache 2.0
+  
+- **Google Play Reviews**
+  - https://developer.android.com/reference/com/google/android/play/core/release-notes
+  - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
+  - License: Apache 2.0
+
 - **Glide**
     - https://github.com/bumptech/glide
     - Purpose: Image loading and caching.
@@ -182,6 +158,11 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: JSON serialization library for Kotlin.
     - License: Apache 2.0
 
+- **kotlinx.serialization converter**
+    - https://github.com/square/retrofit/tree/trunk/retrofit-converters/kotlinx-serialization
+    - Purpose: Converter for Retrofit 2 and kotlinx.serialization.
+    - License: Apache 2.0
+
 - **OkHttp 3**
     - https://github.com/square/okhttp
     - Purpose: An HTTP client used by the library to intercept and log traffic.
@@ -197,28 +178,16 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Extensible logging library for Android.
     - License: Apache 2.0
 
+- **zxcvbn4j**
+    - https://github.com/nulab/zxcvbn4j
+    - Purpose: Password strength estimation.
+    - License: MIT
+
 - **ZXing**
     - https://github.com/zxing/zxing
     - Purpose: Barcode scanning and generation.
     - License: Apache 2.0
 
-The following is an additional list of third-party dependencies that are only included in the non-F-Droid build variants of the application.
-
-- **Firebase Cloud Messaging**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: Allows for push notification support.
-    - License: Apache 2.0
-
-- **Firebase Crashlytics**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: SDK for crash and non-fatal error reporting.
-    - License: Apache 2.0
-
-- **Google Play Reviews**
-    - https://developer.android.com/reference/com/google/android/play/core/release-notes
-    - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
-    - License: Apache 2.0
-
 ### Development Environment Dependencies
 
 The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.

SECURITY.md

@@ -1,32 +1,21 @@
-Bitwarden believes that working with security researchers across the globe is crucial to keeping our
-users safe. If you believe you've found a security issue in our product or service, we encourage you
-to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We
-welcome working with you to resolve the issue promptly. Thanks in advance!
+Bitwarden believes that working with security researchers across the globe is crucial to keeping our users safe. If you believe you've found a security issue in our product or service, we encourage you to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We welcome working with you to resolve the issue promptly. Thanks in advance!
 
 # Disclosure Policy
 
-- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
-  effort to quickly resolve the issue.
-- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or
-  a third-party. We may publicly disclose the issue before resolving it, if appropriate.
-- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
-  degradation of our service. Only interact with accounts you own or with explicit permission of the
-  account holder.
-- If you would like to encrypt your report, please use the PGP key with long ID
-  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
+-   Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
+-   Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. We may publicly disclose the issue before resolving it, if appropriate.
+-   Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
+-   If you would like to encrypt your report, please use the PGP key with long ID `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
 
 While researching, we'd like to ask you to refrain from:
 
-- Denial of service
-- Spamming
-- Social engineering (including phishing) of Bitwarden staff or contractors
-- Any physical attempts against Bitwarden property or data centers
+-   Denial of service
+-   Spamming
+-   Social engineering (including phishing) of Bitwarden staff or contractors
+-   Any physical attempts against Bitwarden property or data centers
 
 # We want to help you!
 
-If you have something that you feel is close to exploitation, or if you'd like some information
-regarding the internal API, or generally have any questions regarding the app that would help in
-your efforts, please email us at https://bitwarden.com/contact and ask for that information. As
-stated above, Bitwarden wants to help you find issues, and is more than willing to help.
+If you have something that you feel is close to exploitation, or if you'd like some information regarding the internal API, or generally have any questions regarding the app that would help in your efforts, please email us at https://bitwarden.com/contact and ask for that information. As stated above, Bitwarden wants to help you find issues, and is more than willing to help.
 
 Thank you for helping keep Bitwarden and our users safe!

annotation/.gitignore

@@ -1 +0,0 @@
-/build

annotation/build.gradle.kts

@@ -1,42 +0,0 @@
-import org.jetbrains.kotlin.gradle.dsl.JvmTarget
-
-plugins {
-    alias(libs.plugins.android.library)
-    alias(libs.plugins.kotlin.android)
-}
-
-android {
-    namespace = "com.bitwarden.annotation"
-    compileSdk = libs.versions.compileSdk.get().toInt()
-
-    defaultConfig {
-        minSdk = libs.versions.minSdkBwa.get().toInt()
-
-        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
-        consumerProguardFiles("consumer-rules.pro")
-    }
-
-    buildTypes {
-        release {
-            isMinifyEnabled = false
-            proguardFiles(
-                getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro",
-            )
-        }
-    }
-    compileOptions {
-        sourceCompatibility(libs.versions.jvmTarget.get())
-        targetCompatibility(libs.versions.jvmTarget.get())
-    }
-    @Suppress("UnstableApiUsage")
-    testFixtures {
-        enable = true
-    }
-}
-
-kotlin {
-    compilerOptions {
-        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
-    }
-}

app/build.gradle.kts

@@ -10,17 +10,19 @@ import java.util.Properties
 
 plugins {
     alias(libs.plugins.android.application)
-    alias(libs.plugins.androidx.room)
     // Crashlytics is enabled for all builds initially but removed for FDroid builds in gradle and
     // standardDebug builds in the merged manifest.
     alias(libs.plugins.crashlytics)
+    alias(libs.plugins.detekt)
     alias(libs.plugins.hilt)
     alias(libs.plugins.kotlin.android)
     alias(libs.plugins.kotlin.compose.compiler)
     alias(libs.plugins.kotlin.parcelize)
     alias(libs.plugins.kotlin.serialization)
+    alias(libs.plugins.kotlinx.kover)
     alias(libs.plugins.ksp)
     alias(libs.plugins.google.services)
+    alias(libs.plugins.sonarqube)
 }
 
 /**
@@ -47,25 +49,26 @@ android {
     namespace = "com.x8bit.bitwarden"
     compileSdk = libs.versions.compileSdk.get().toInt()
 
-    room {
-        schemaDirectory("$projectDir/schemas")
-    }
-
     defaultConfig {
         applicationId = "com.x8bit.bitwarden"
         minSdk = libs.versions.minSdk.get().toInt()
         targetSdk = libs.versions.targetSdk.get().toInt()
         versionCode = 1
-        versionName = "2025.4.0"
+        versionName = "2024.9.0"
 
         setProperty("archivesBaseName", "com.x8bit.bitwarden")
 
+        ksp {
+            // The location in which the generated Room Database Schemas will be stored in the repo.
+            arg("room.schemaLocation", "$projectDir/schemas")
+        }
+
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
 
         buildConfigField(
             type = "String",
             name = "CI_INFO",
-            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}",
+            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}"
         )
     }
 
@@ -99,11 +102,9 @@ android {
             applicationIdSuffix = ".beta"
             isDebuggable = false
             isMinifyEnabled = true
-            isShrinkResources = true
-            matchingFallbacks += listOf("release")
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro",
+                "proguard-rules.pro"
             )
 
             buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
@@ -112,10 +113,9 @@ android {
         release {
             isDebuggable = false
             isMinifyEnabled = true
-            isShrinkResources = true
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro",
+                "proguard-rules.pro"
             )
 
             buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
@@ -180,6 +180,7 @@ android {
             excludes += "/META-INF/{AL2.0,LGPL2.1}"
         }
     }
+    @Suppress("UnstableApiUsage")
     testOptions {
         // Required for Robolectric
         unitTests.isIncludeAndroidResources = true
@@ -195,7 +196,7 @@ android {
 
 kotlin {
     compilerOptions {
-        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
+        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
     }
 }
 
@@ -213,13 +214,7 @@ dependencies {
         add("standardImplementation", dependencyNotation)
     }
 
-    implementation(files("libs/authenticatorbridge-1.0.1-release.aar"))
-
-    implementation(project(":annotation"))
-    implementation(project(":core"))
-    implementation(project(":data"))
-    implementation(project(":network"))
-    implementation(project(":ui"))
+    implementation(files("libs/authenticatorbridge-1.0.0-release.aar"))
 
     implementation(libs.androidx.activity.compose)
     implementation(libs.androidx.appcompat)
@@ -232,7 +227,6 @@ dependencies {
     implementation(platform(libs.androidx.compose.bom))
     implementation(libs.androidx.compose.animation)
     implementation(libs.androidx.compose.material3)
-    implementation(libs.androidx.compose.material3.adaptive)
     implementation(libs.androidx.compose.runtime)
     implementation(libs.androidx.compose.ui)
     implementation(libs.androidx.compose.ui.graphics)
@@ -257,6 +251,7 @@ dependencies {
     implementation(libs.kotlinx.collections.immutable)
     implementation(libs.kotlinx.coroutines.android)
     implementation(libs.kotlinx.serialization)
+    implementation(libs.nulab.zxcvbn4j)
     implementation(libs.square.okhttp)
     implementation(libs.square.okhttp.logging)
     implementation(platform(libs.square.retrofit.bom))
@@ -275,15 +270,8 @@ dependencies {
     standardImplementation(libs.google.firebase.crashlytics)
     standardImplementation(libs.google.play.review)
 
-    // Pull in test fixtures from other modules
-    testImplementation(testFixtures(project(":data")))
-    testImplementation(testFixtures(project(":network")))
-    testImplementation(testFixtures(project(":ui")))
-
     testImplementation(libs.androidx.compose.ui.test)
     testImplementation(libs.google.hilt.android.testing)
-    testImplementation(platform(libs.junit.bom))
-    testRuntimeOnly(libs.junit.platform.launcher)
     testImplementation(libs.junit.junit5)
     testImplementation(libs.junit.vintage)
     testImplementation(libs.kotlinx.coroutines.test)
@@ -291,14 +279,96 @@ dependencies {
     testImplementation(libs.robolectric.robolectric)
     testImplementation(libs.square.okhttp.mockwebserver)
     testImplementation(libs.square.turbine)
+
+    detektPlugins(libs.detekt.detekt.formatting)
+    detektPlugins(libs.detekt.detekt.rules)
+}
+
+detekt {
+    autoCorrect = true
+    config.from(files("$rootDir/detekt-config.yml"))
+}
+
+kover {
+    currentProject {
+        sources {
+            excludeJava = true
+        }
+    }
+    reports {
+        filters {
+            excludes {
+                androidGeneratedClasses()
+                annotatedBy(
+                    // Compose previews
+                    "androidx.compose.ui.tooling.preview.Preview",
+                    "androidx.compose.ui.tooling.preview.PreviewScreenSizes",
+                    // Manually excluded classes/files/etc.
+                    "com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage",
+                )
+                classes(
+                    // Navigation helpers
+                    "*.*NavigationKt*",
+                    // Composable singletons
+                    "*.*ComposableSingletons*",
+                    // Generated classes related to interfaces with default values
+                    "*.*DefaultImpls*",
+                    // Databases
+                    "*.database.*Database*",
+                    "*.dao.*Dao*",
+                    // Dagger Hilt
+                    "dagger.hilt.*",
+                    "hilt_aggregated_deps.*",
+                    "*_Factory",
+                    "*_Factory\$*",
+                    "*_*Factory",
+                    "*_*Factory\$*",
+                    "*.Hilt_*",
+                    "*_HiltModules",
+                    "*_HiltModules*",
+                    "*_HiltModules\$*",
+                    "*_Impl",
+                    "*_Impl\$*",
+                    "*_MembersInjector",
+                )
+                packages(
+                    // Dependency injection
+                    "*.di",
+                    // Models
+                    "*.model",
+                    // Custom UI components
+                    "com.x8bit.bitwarden.ui.platform.components",
+                    // Theme-related code
+                    "com.x8bit.bitwarden.ui.platform.theme",
+                )
+            }
+        }
+    }
 }
 
 tasks {
+    getByName("check") {
+        // Add detekt with type resolution to check
+        dependsOn("detekt")
+    }
+
+    getByName("sonar") {
+        dependsOn("check")
+    }
+
+    withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
+        jvmTarget = libs.versions.jvmTarget.get()
+    }
+    withType<io.gitlab.arturbosch.detekt.DetektCreateBaselineTask>().configureEach {
+        jvmTarget = libs.versions.jvmTarget.get()
+    }
+
     withType<Test> {
         useJUnitPlatform()
         maxHeapSize = "2g"
         maxParallelForks = Runtime.getRuntime().availableProcessors()
-        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC" + "-Duser.country=US"
+        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC"
+        android.sourceSets["main"].res.srcDirs("src/test/res")
     }
 }
 
@@ -312,6 +382,18 @@ afterEvaluate {
         .forEach { it.enabled = false }
 }
 
+sonar {
+    properties {
+        property("sonar.projectKey", "bitwarden_android")
+        property("sonar.organization", "bitwarden")
+        property("sonar.host.url", "https://sonarcloud.io")
+        property("sonar.sources", "app/src/")
+        property("sonar.tests", "app/src/")
+        property("sonar.test.inclusions", "app/src/test/")
+        property("sonar.exclusions", "app/src/test/")
+    }
+}
+
 private fun renameFile(path: String, newName: String) {
     val originalFile = File(path)
     if (!originalFile.exists()) {

app/schemas/com.x8bit.bitwarden.data.credentials.datasource.disk.database.PrivilegedAppDatabase/1.json

@@ -1,38 +0,0 @@
-{
-  "formatVersion": 1,
-  "database": {
-    "version": 1,
-    "identityHash": "ce40856ec88770d11b7afb587c7deabc",
-    "entities": [
-      {
-        "tableName": "privileged_apps",
-        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`package_name` TEXT NOT NULL, `signature` TEXT NOT NULL, PRIMARY KEY(`package_name`, `signature`))",
-        "fields": [
-          {
-            "fieldPath": "packageName",
-            "columnName": "package_name",
-            "affinity": "TEXT",
-            "notNull": true
-          },
-          {
-            "fieldPath": "signature",
-            "columnName": "signature",
-            "affinity": "TEXT",
-            "notNull": true
-          }
-        ],
-        "primaryKey": {
-          "autoGenerate": false,
-          "columnNames": [
-            "package_name",
-            "signature"
-          ]
-        }
-      }
-    ],
-    "setupQueries": [
-      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
-      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'ce40856ec88770d11b7afb587c7deabc')"
-    ]
-  }
-}

app/src/beta/AndroidManifest.xml

@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:tools="http://schemas.android.com/tools">
-
-    <application tools:ignore="MissingApplicationIcon">
-        <activity
-            android:name=".MainActivity">
-            <intent-filter android:autoVerify="true">
-                <action android:name="android.intent.action.VIEW" />
-
-                <category android:name="android.intent.category.DEFAULT" />
-                <category android:name="android.intent.category.BROWSABLE" />
-
-                <data android:scheme="https" />
-                <data android:host="*.bitwarden.pw" />
-                <data android:pathPattern="/redirect-connector.*" />
-            </intent-filter>
-        </activity>
-    </application>
-
-</manifest>

app/src/debug/AndroidManifest.xml

@@ -7,20 +7,6 @@
         <meta-data
             android:name="firebase_crashlytics_collection_enabled"
             android:value="false" />
-        <activity
-            android:name=".MainActivity"
-            tools:ignore="IntentFilterExportedReceiver">
-            <intent-filter android:autoVerify="true">
-                <action android:name="android.intent.action.VIEW" />
-
-                <category android:name="android.intent.category.DEFAULT" />
-                <category android:name="android.intent.category.BROWSABLE" />
-
-                <data android:scheme="https" />
-                <data android:host="*.bitwarden.pw" />
-                <data android:pathPattern="/redirect-connector.*" />
-            </intent-filter>
-        </activity>
     </application>
 
 </manifest>

app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt

@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.platform.manager
 
-import com.bitwarden.data.repository.model.Environment
 import com.x8bit.bitwarden.BuildConfig
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import com.x8bit.bitwarden.data.platform.repository.model.Environment
 import timber.log.Timber
 
 /**

app/src/main/AndroidManifest.xml

@@ -15,7 +15,7 @@
     <uses-permission android:name="android.permission.CAMERA" />
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-    <uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
+
     <!-- Protect access to AuthenticatorBridgeService using this custom permission.
 
     Note that each build type uses a different value for knownCerts.
@@ -37,18 +37,15 @@
         android:dataExtractionRules="@xml/data_extraction_rules"
         android:fullBackupContent="@xml/backup_rules"
         android:icon="@mipmap/ic_launcher"
-        android:intentMatchingFlags="enforceIntentFilter"
         android:label="@string/app_name"
         android:networkSecurityConfig="@xml/network_security_config"
         android:roundIcon="@mipmap/ic_launcher_round"
         android:supportsRtl="true"
         android:theme="@style/LaunchTheme"
-        tools:ignore="CredentialDependency"
         tools:replace="appComponentFactory"
-        tools:targetApi="36">
+        tools:targetApi="33">
         <activity
             android:name=".MainActivity"
-            android:configChanges="uiMode"
             android:exported="true"
             android:launchMode="@integer/launchModeAPIlevel"
             android:theme="@style/LaunchTheme"
@@ -79,14 +76,16 @@
                 <category android:name="android.intent.category.BROWSABLE" />
 
                 <data android:scheme="https" />
-                <data android:host="*.bitwarden.com" />
-                <data android:host="*.bitwarden.eu" />
+
+                <data android:host="vault.bitwarden.com" />
+                <data android:host="vault.bitwarden.eu" />
+                <data android:host="*.bitwarden.pw" />
                 <data android:pathPattern="/redirect-connector.*" />
             </intent-filter>
             <intent-filter>
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />
+                <action android:name="com.x8bit.bitwarden.fido2.ACTION_CREATE_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.fido2.ACTION_GET_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.fido2.ACTION_UNLOCK_ACCOUNT" />
 
                 <category android:name="android.intent.category.DEFAULT" />
             </intent-filter>
@@ -311,14 +310,6 @@
             android:exported="true"
             android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />
 
-        <!-- Firebase SDK initOrder is 100. We use a higher order to initialize first -->
-        <provider
-            android:name=".data.platform.contentprovider.UncaughtErrorLoggingContentProvider"
-            android:authorities="${applicationId}"
-            android:exported="false"
-            android:grantUriPermissions="false"
-            android:initOrder="101" />
-
     </application>
 
     <queries>
@@ -329,19 +320,6 @@
             <action android:name="android.intent.action.MAIN" />
             <category android:name="android.intent.category.HOME" />
         </intent>
-        <!-- To Query Privileged Apps -->
-        <intent>
-            <action android:name="android.intent.action.VIEW" />
-            <data android:scheme="http" />
-        </intent>
-        <!-- To Query Chrome Beta: -->
-        <package android:name="com.chrome.beta" />
-
-        <!-- To Query Chrome Stable: -->
-        <package android:name="com.android.chrome" />
-
-        <!-- To Query Brave Stable: -->
-        <package android:name="com.brave.browser" />
     </queries>
 
 </manifest>

app/src/main/assets/fido2_privileged_community.json

@@ -12,6 +12,20 @@
         ]
       }
     },
+
+    {
+      "type": "android",
+      "info": {
+        "package_name": "net.quetta.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
+          }
+        ]
+      }
+    },
+
     {
       "type": "android",
       "info": {
@@ -48,6 +62,18 @@
         ]
       }
     },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
+          }
+        ]
+      }
+    },
     {
       "type": "android",
       "info": {

app/src/main/assets/fido2_privileged_google.json

@@ -160,78 +160,6 @@
         ]
       }
     },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.fenix",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.fenix.debug",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.focus.beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.focus.nightly",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.klar",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.reference.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "B0:09:90:E3:0F:9D:81:5D:2E:BC:7B:9B:B2:21:CE:47:E5:C9:D5:17:AA:C7:0E:7F:D5:95:B1:E5:3E:9A:4B:14"
-          }
-        ]
-      }
-    },
     {
       "type": "android",
       "info": {
@@ -643,178 +571,6 @@
           }
         ]
       }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.Island",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "D9:C3:39:AC:9C:3A:EE:E1:75:1D:85:8C:35:D9:BA:C5:CC:87:B3:CE:76:30:93:F0:F5:10:64:F5:A2:F6:9B:04"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.IslandCanary",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "90:17:13:23:45:6E:6F:39:CB:FD:CF:B2:56:BE:1D:CF:F3:BC:1C:59:8A:15:93:30:E4:97:73:D0:4C:B9:C9:05"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.IslandBeta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "35:31:83:1A:9E:2B:21:1D:E6:AA:C3:69:4B:45:83:6E:56:09:B9:D7:D0:04:C3:1B:21:87:40:FB:77:17:38:D1"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.IslandDev",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.island.intune",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C2:38:24:15:41:20:A0:8F:C3:95:42:AC:D8:2A:E9:24:94:78:80:1E:47:FD:6C:66:2B:18:1C:28:CA:7E:59:4E"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.island.canary.intune",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "1E:16:74:BB:79:EA:09:FB:37:CF:9F:1B:07:1B:1D:51:8D:46:03:0E:D3:EE:F2:C1:4E:AD:93:9E:C6:EE:3A:4C"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.island.beta.intune",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "D2:5E:AD:F6:1C:E6:36:6C:A4:23:A4:7F:C4:DB:9B:8C:9C:8A:35:B4:B0:19:E8:D9:82:FB:D0:8A:D9:DB:49:5A"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "io.island.island.dev.intune",
-        "signatures": [
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "net.quetta.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "F1:38:00:4F:38:04:51:D4:8A:05:2B:B3:A3:EF:17:24:23:D4:B0:D0:C8:A3:AA:DD:FB:DB:66:30:31:48:EC:A4"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "cz.seznam.sbrowser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "DB:95:40:66:10:78:83:6E:4E:B1:66:F6:9E:F4:07:30:9E:8D:AE:33:34:68:5E:C8:F6:FA:2F:13:81:B9:AC:F6"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.opera.mini.native",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.opera.mini.native.beta",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "57:AC:BC:52:5F:1B:2E:BD:19:19:6C:D6:F0:14:39:7C:C9:10:FD:18:84:1E:0A:E8:50:FE:BC:3E:1E:59:3F:F2"
-          }
-        ]
-      }
     }
   ]
-}
+}

app/src/main/java/com/x8bit/bitwarden/AccessibilityActivity.kt

@@ -2,7 +2,7 @@ package com.x8bit.bitwarden
 
 import android.os.Bundle
 import androidx.appcompat.app.AppCompatActivity
-import com.bitwarden.annotation.OmitFromCoverage
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 
 /**
  * An activity to be launched and then immediately closed so that the OS Shade can be collapsed

app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt

@@ -4,7 +4,7 @@ import android.content.Intent
 import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
-import com.bitwarden.annotation.OmitFromCoverage
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 
 /**

app/src/main/java/com/x8bit/bitwarden/AuthCallbackViewModel.kt

@@ -1,13 +1,13 @@
 package com.x8bit.bitwarden
 
 import android.content.Intent
-import com.bitwarden.ui.platform.base.BaseViewModel
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.util.getCaptchaCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.getDuoCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.getSsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.getWebAuthResultOrNull
 import com.x8bit.bitwarden.data.auth.util.getYubiKeyResultOrNull
+import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
 import dagger.hilt.android.lifecycle.HiltViewModel
 import javax.inject.Inject
 

app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt

@@ -4,8 +4,8 @@ import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.lifecycle.lifecycleScope
-import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach

app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt

@@ -2,7 +2,6 @@ package com.x8bit.bitwarden
 
 import android.content.Intent
 import androidx.lifecycle.viewModelScope
-import com.bitwarden.ui.platform.base.BaseViewModel
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.autofill.util.getTotpCopyIntentOrNull
@@ -10,6 +9,7 @@ import com.x8bit.bitwarden.data.platform.util.launchWithTimeout
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
 import com.x8bit.bitwarden.data.vault.repository.util.statusFor
+import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
 import dagger.hilt.android.lifecycle.HiltViewModel
 import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.mapNotNull

app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt

@@ -5,10 +5,10 @@ import android.content.Intent
 import android.os.Build
 import androidx.annotation.Keep
 import androidx.core.app.AppComponentFactory
-import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.BitwardenAutofillService
 import com.x8bit.bitwarden.data.autofill.accessibility.BitwardenAccessibilityService
-import com.x8bit.bitwarden.data.credentials.BitwardenCredentialProviderService
+import com.x8bit.bitwarden.data.autofill.fido2.BitwardenFido2ProviderService
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.tiles.BitwardenAutofillTileService
 import com.x8bit.bitwarden.data.tiles.BitwardenGeneratorTileService
 import com.x8bit.bitwarden.data.tiles.BitwardenVaultTileService
@@ -30,7 +30,7 @@ class BitwardenAppComponentFactory : AppComponentFactory() {
      * * [BitwardenAccessibilityService]
      * * [BitwardenAutofillService]
      * * [BitwardenAutofillTileService]
-     * * [BitwardenCredentialProviderService]
+     * * [BitwardenFido2ProviderService]
      * * [BitwardenVaultTileService]
      * * [BitwardenGeneratorTileService]
      */
@@ -63,7 +63,7 @@ class BitwardenAppComponentFactory : AppComponentFactory() {
             if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
                 super.instantiateServiceCompat(
                     cl,
-                    BitwardenCredentialProviderService::class.java.name,
+                    BitwardenFido2ProviderService::class.java.name,
                     intent,
                 )
             } else {

app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt

@@ -1,15 +1,13 @@
 package com.x8bit.bitwarden
 
 import android.app.Application
-import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager
-import com.x8bit.bitwarden.data.platform.manager.network.NetworkConnectionManager
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
 import dagger.hilt.android.HiltAndroidApp
-import timber.log.Timber
 import javax.inject.Inject
 
 /**
@@ -23,9 +21,6 @@ class BitwardenApplication : Application() {
     @Inject
     lateinit var logsManager: LogsManager
 
-    @Inject
-    lateinit var networkConnectionManager: NetworkConnectionManager
-
     @Inject
     lateinit var networkConfigManager: NetworkConfigManager
 
@@ -37,9 +32,4 @@ class BitwardenApplication : Application() {
 
     @Inject
     lateinit var restrictionManager: RestrictionManager
-
-    override fun onLowMemory() {
-        super.onLowMemory()
-        Timber.w("onLowMemory")
-    }
 }

app/src/main/java/com/x8bit/bitwarden/BitwardenLegacyAppComponents.kt

@@ -6,11 +6,6 @@ package com.x8bit.bitwarden
 const val LEGACY_ACCESSIBILITY_SERVICE_NAME: String =
     "com.x8bit.bitwarden.Accessibility.AccessibilityService"
 
-/**
- * The short form legacy name for the accessibility service.
- */
-const val LEGACY_SHORT_ACCESSIBILITY_SERVICE_NAME: String = ".Accessibility.AccessibilityService"
-
 /**
  * The legacy name for the autofill service.
  */

app/src/main/java/com/x8bit/bitwarden/MainActivity.kt

@@ -1,7 +1,6 @@
 package com.x8bit.bitwarden
 
 import android.content.Intent
-import android.os.Build
 import android.os.Bundle
 import android.view.KeyEvent
 import android.view.MotionEvent
@@ -11,40 +10,30 @@ import androidx.activity.compose.setContent
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.appcompat.app.AppCompatDelegate
-import androidx.compose.runtime.Composable
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.remember
 import androidx.core.os.LocaleListCompat
 import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
 import androidx.lifecycle.compose.collectAsStateWithLifecycle
-import androidx.navigation.NavController
-import androidx.navigation.compose.NavHost
-import com.bitwarden.annotation.OmitFromCoverage
-import com.bitwarden.ui.platform.base.util.EventsEffect
-import com.bitwarden.ui.platform.theme.BitwardenTheme
-import com.bitwarden.ui.platform.util.setupEdgeToEdge
+import androidx.navigation.compose.rememberNavController
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.util.ObserveScreenDataEffect
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.ui.platform.components.util.rememberBitwardenNavController
+import com.x8bit.bitwarden.ui.platform.base.util.EventsEffect
 import com.x8bit.bitwarden.ui.platform.composition.LocalManagerProvider
-import com.x8bit.bitwarden.ui.platform.feature.debugmenu.debugMenuDestination
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.manager.DebugMenuLaunchManager
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.navigateToDebugMenuScreen
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.ROOT_ROUTE
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.rootNavDestination
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
-import com.x8bit.bitwarden.ui.platform.util.appLanguage
+import com.x8bit.bitwarden.ui.platform.feature.rootnav.RootNavScreen
+import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
 import dagger.hilt.android.AndroidEntryPoint
-import kotlinx.coroutines.flow.map
 import javax.inject.Inject
 
 /**
  * Primary entry point for the application.
  */
-@Suppress("TooManyFunctions")
 @OmitFromCoverage
 @AndroidEntryPoint
 class MainActivity : AppCompatActivity() {
@@ -66,48 +55,77 @@ class MainActivity : AppCompatActivity() {
     @Inject
     lateinit var debugLaunchManager: DebugMenuLaunchManager
 
+    @Suppress("LongMethod")
     override fun onCreate(savedInstanceState: Bundle?) {
         var shouldShowSplashScreen = true
         installSplashScreen().setKeepOnScreenCondition { shouldShowSplashScreen }
         super.onCreate(savedInstanceState)
 
         if (savedInstanceState == null) {
-            mainViewModel.trySendAction(MainAction.ReceiveFirstIntent(intent = intent))
+            mainViewModel.trySendAction(
+                MainAction.ReceiveFirstIntent(
+                    intent = intent,
+                ),
+            )
         }
 
-        // Within the app the theme will change dynamically and will be managed by the
+        // Within the app the language and theme will change dynamically and will be managed by the
         // OS, but we need to ensure we properly set the values when upgrading from older versions
         // that handle this differently or when the activity restarts.
+        settingsRepository.appLanguage.localeName?.let { localeName ->
+            val localeList = LocaleListCompat.forLanguageTags(localeName)
+            AppCompatDelegate.setApplicationLocales(localeList)
+        }
         AppCompatDelegate.setDefaultNightMode(settingsRepository.appTheme.osValue)
-        setupEdgeToEdge(appThemeFlow = mainViewModel.stateFlow.map { it.theme })
         setContent {
-            val navController = rememberBitwardenNavController(name = "MainActivity")
-            SetupEventsEffect(navController = navController)
             val state by mainViewModel.stateFlow.collectAsStateWithLifecycle()
-            updateScreenCapture(isScreenCaptureAllowed = state.isScreenCaptureAllowed)
-            LocalManagerProvider(featureFlagsState = state.featureFlagsState) {
-                ObserveScreenDataEffect(
-                    onDataUpdate = remember(mainViewModel) {
-                        { mainViewModel.trySendAction(MainAction.ResumeScreenDataReceived(it)) }
-                    },
-                )
-                BitwardenTheme(
-                    theme = state.theme,
-                    dynamicColor = state.isDynamicColorsEnabled,
-                ) {
-                    NavHost(
-                        navController = navController,
-                        startDestination = ROOT_ROUTE,
-                    ) {
-                        // Nothing else should end up at this top level, we just want the ability
-                        // to have the debug menu appear on top of the rest of the app without
-                        // interacting with the state-based navigation used by the RootNavScreen.
-                        rootNavDestination { shouldShowSplashScreen = false }
-                        debugMenuDestination(
-                            onNavigateBack = { navController.popBackStack() },
-                            onSplashScreenRemoved = { shouldShowSplashScreen = false },
+            val navController = rememberNavController()
+            EventsEffect(viewModel = mainViewModel) { event ->
+                when (event) {
+                    is MainEvent.CompleteAccessibilityAutofill -> {
+                        handleCompleteAccessibilityAutofill(event)
+                    }
+
+                    is MainEvent.CompleteAutofill -> handleCompleteAutofill(event)
+                    MainEvent.Recreate -> handleRecreate()
+                    MainEvent.NavigateToDebugMenu -> navController.navigateToDebugMenuScreen()
+                    is MainEvent.ShowToast -> {
+                        Toast
+                            .makeText(
+                                baseContext,
+                                event.message.invoke(resources),
+                                Toast.LENGTH_SHORT,
+                            )
+                            .show()
+                    }
+
+                    is MainEvent.UpdateAppLocale -> {
+                        AppCompatDelegate.setApplicationLocales(
+                            LocaleListCompat.forLanguageTags(event.localeName),
                         )
                     }
+
+                    is MainEvent.UpdateAppTheme -> {
+                        AppCompatDelegate.setDefaultNightMode(event.osTheme)
+                    }
+                }
+            }
+            updateScreenCapture(isScreenCaptureAllowed = state.isScreenCaptureAllowed)
+            LocalManagerProvider {
+                ObserveScreenDataEffect(
+                    onDataUpdate = remember(mainViewModel) {
+                        {
+                            mainViewModel.trySendAction(
+                                MainAction.ResumeScreenDataReceived(it),
+                            )
+                        }
+                    },
+                )
+                BitwardenTheme(theme = state.theme) {
+                    RootNavScreen(
+                        onSplashScreenRemoved = { shouldShowSplashScreen = false },
+                        navController = navController,
+                    )
                 }
             }
         }
@@ -115,32 +133,9 @@ class MainActivity : AppCompatActivity() {
 
     override fun onNewIntent(intent: Intent) {
         super.onNewIntent(intent)
-        mainViewModel.trySendAction(action = MainAction.ReceiveNewIntent(intent = intent))
-    }
-
-    override fun onResume() {
-        super.onResume()
-        // When the app resumes check for any app specific language which may have been
-        // set via the device settings. Similar to the theme setting in onCreate this
-        // ensures we properly set the values when upgrading from older versions
-        // that handle this differently or when the activity restarts.
-        val appSpecificLanguage = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-            val locales: LocaleListCompat = AppCompatDelegate.getApplicationLocales()
-            if (locales.isEmpty) {
-                // App is using the system language
-                null
-            } else {
-                // App has specific language settings
-                locales.get(0)?.appLanguage
-            }
-        } else {
-            // For older versions, use what ever language is available from the repository.
-            settingsRepository.appLanguage
-        }
-
         mainViewModel.trySendAction(
-            action = MainAction.AppSpecificLanguageUpdate(
-                appLanguage = appSpecificLanguage ?: AppLanguage.DEFAULT,
+            action = MainAction.ReceiveNewIntent(
+                intent = intent,
             ),
         )
     }
@@ -162,34 +157,6 @@ class MainActivity : AppCompatActivity() {
         .takeIf { it }
         ?: super.dispatchKeyEvent(event)
 
-    @Composable
-    private fun SetupEventsEffect(navController: NavController) {
-        EventsEffect(viewModel = mainViewModel) { event ->
-            when (event) {
-                is MainEvent.CompleteAccessibilityAutofill -> {
-                    handleCompleteAccessibilityAutofill(event)
-                }
-
-                is MainEvent.CompleteAutofill -> handleCompleteAutofill(event)
-                MainEvent.Recreate -> handleRecreate()
-                MainEvent.NavigateToDebugMenu -> navController.navigateToDebugMenuScreen()
-                is MainEvent.ShowToast -> {
-                    Toast
-                        .makeText(baseContext, event.message.invoke(resources), Toast.LENGTH_SHORT)
-                        .show()
-                }
-
-                is MainEvent.UpdateAppLocale -> {
-                    AppCompatDelegate.setApplicationLocales(
-                        LocaleListCompat.forLanguageTags(event.localeName),
-                    )
-                }
-
-                is MainEvent.UpdateAppTheme -> AppCompatDelegate.setDefaultNightMode(event.osTheme)
-            }
-        }
-    }
-
     private fun sendOpenDebugMenuEvent() {
         mainViewModel.trySendAction(MainAction.OpenDebugMenu)
     }

app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt

@@ -4,10 +4,6 @@ import android.content.Intent
 import android.os.Parcelable
 import androidx.lifecycle.SavedStateHandle
 import androidx.lifecycle.viewModelScope
-import com.bitwarden.ui.platform.base.BaseViewModel
-import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
-import com.bitwarden.ui.util.Text
-import com.bitwarden.ui.util.asText
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
@@ -15,29 +11,29 @@ import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
 import com.x8bit.bitwarden.data.auth.util.getCompleteRegistrationDataIntentOrNull
 import com.x8bit.bitwarden.data.auth.util.getPasswordlessRequestDataIntentOrNull
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilitySelectionManager
+import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
+import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2AssertionRequestOrNull
+import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2CreateCredentialRequestOrNull
+import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2GetCredentialsRequestOrNull
 import com.x8bit.bitwarden.data.autofill.manager.AutofillSelectionManager
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSaveItemOrNull
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
-import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
-import com.x8bit.bitwarden.data.credentials.util.getCreateCredentialRequestOrNull
-import com.x8bit.bitwarden.data.credentials.util.getFido2AssertionRequestOrNull
-import com.x8bit.bitwarden.data.credentials.util.getGetCredentialsRequestOrNull
 import com.x8bit.bitwarden.data.platform.manager.AppResumeManager
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
 import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
 import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
 import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.platform.util.isAddTotpLoginItemFromAuthenticator
 import com.x8bit.bitwarden.data.vault.manager.model.VaultStateEvent
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
+import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
+import com.x8bit.bitwarden.ui.platform.base.util.Text
+import com.x8bit.bitwarden.ui.platform.base.util.asText
+import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
-import com.x8bit.bitwarden.ui.platform.model.FeatureFlagsState
 import com.x8bit.bitwarden.ui.platform.util.isAccountSecurityShortcut
 import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
 import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
@@ -58,7 +54,6 @@ import java.time.Clock
 import javax.inject.Inject
 
 private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
-private const val ANIMATION_REFRESH_DELAY = 500L
 
 /**
  * A view model that helps launch actions for the [MainActivity].
@@ -68,13 +63,12 @@ private const val ANIMATION_REFRESH_DELAY = 500L
 class MainViewModel @Inject constructor(
     accessibilitySelectionManager: AccessibilitySelectionManager,
     autofillSelectionManager: AutofillSelectionManager,
-    featureFlagManager: FeatureFlagManager,
     private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
     private val specialCircumstanceManager: SpecialCircumstanceManager,
     private val garbageCollectionManager: GarbageCollectionManager,
-    private val bitwardenCredentialManager: BitwardenCredentialManager,
+    private val fido2CredentialManager: Fido2CredentialManager,
     private val intentManager: IntentManager,
-    private val settingsRepository: SettingsRepository,
+    settingsRepository: SettingsRepository,
     private val vaultRepository: VaultRepository,
     private val authRepository: AuthRepository,
     private val environmentRepository: EnvironmentRepository,
@@ -85,10 +79,6 @@ class MainViewModel @Inject constructor(
     initialState = MainState(
         theme = settingsRepository.appTheme,
         isScreenCaptureAllowed = settingsRepository.isScreenCaptureAllowed,
-        isErrorReportingDialogEnabled = featureFlagManager.getFeatureFlag(
-            key = FlagKey.MobileErrorReporting,
-        ),
-        isDynamicColorsEnabled = settingsRepository.isDynamicColorsEnabled,
     ),
 ) {
     private var specialCircumstance: SpecialCircumstance?
@@ -106,12 +96,6 @@ class MainViewModel @Inject constructor(
             .onEach { specialCircumstance = it }
             .launchIn(viewModelScope)
 
-        featureFlagManager
-            .getFeatureFlagFlow(key = FlagKey.MobileErrorReporting)
-            .map { MainAction.Internal.OnMobileErrorReportingReceive(it) }
-            .onEach(::sendAction)
-            .launchIn(viewModelScope)
-
         accessibilitySelectionManager
             .accessibilitySelectionFlow
             .map { MainAction.Internal.AccessibilitySelectionReceive(it) }
@@ -139,12 +123,6 @@ class MainViewModel @Inject constructor(
             .onEach(::trySendAction)
             .launchIn(viewModelScope)
 
-        settingsRepository
-            .isDynamicColorsEnabledFlow
-            .map { MainAction.Internal.DynamicColorsUpdate(it) }
-            .onEach(::trySendAction)
-            .launchIn(viewModelScope)
-
         authRepository
             .userStateFlow
             .drop(count = 1)
@@ -156,7 +134,8 @@ class MainViewModel @Inject constructor(
                 // Switching between account states often involves some kind of animation (ex:
                 // account switcher) that we might want to give time to finish before triggering
                 // a refresh.
-                delay(ANIMATION_REFRESH_DELAY)
+                @Suppress("MagicNumber")
+                delay(500)
                 trySendAction(MainAction.Internal.CurrentUserStateChange)
             }
             .launchIn(viewModelScope)
@@ -168,7 +147,8 @@ class MainViewModel @Inject constructor(
                     is VaultStateEvent.Locked -> {
                         // Similar to account switching, triggering this action too soon can
                         // interfere with animations or navigation logic, so we will delay slightly.
-                        delay(ANIMATION_REFRESH_DELAY)
+                        @Suppress("MagicNumber")
+                        delay(500)
                         trySendAction(MainAction.Internal.VaultUnlockStateChange)
                     }
 
@@ -192,17 +172,6 @@ class MainViewModel @Inject constructor(
     }
 
     override fun handleAction(action: MainAction) {
-        when (action) {
-            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
-            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
-            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
-            is MainAction.ResumeScreenDataReceived -> handleAppResumeDataUpdated(action)
-            is MainAction.AppSpecificLanguageUpdate -> handleAppSpecificLanguageUpdate(action)
-            is MainAction.Internal -> handleInternalAction(action)
-        }
-    }
-
-    private fun handleInternalAction(action: MainAction.Internal) {
         when (action) {
             is MainAction.Internal.AccessibilitySelectionReceive -> {
                 handleAccessibilitySelectionReceive(action)
@@ -216,25 +185,13 @@ class MainViewModel @Inject constructor(
             is MainAction.Internal.ScreenCaptureUpdate -> handleScreenCaptureUpdate(action)
             is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
             is MainAction.Internal.VaultUnlockStateChange -> handleVaultUnlockStateChange()
-            is MainAction.Internal.DynamicColorsUpdate -> handleDynamicColorsUpdate(action)
-            is MainAction.Internal.OnMobileErrorReportingReceive -> {
-                handleOnMobileErrorReportingReceive(action)
-            }
+            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
+            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
+            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
+            is MainAction.ResumeScreenDataReceived -> handleAppResumeDataUpdated(action)
         }
     }
 
-    private fun handleOnMobileErrorReportingReceive(
-        action: MainAction.Internal.OnMobileErrorReportingReceive,
-    ) {
-        mutableStateFlow.update {
-            it.copy(isErrorReportingDialogEnabled = action.isErrorReportingEnabled)
-        }
-    }
-
-    private fun handleAppSpecificLanguageUpdate(action: MainAction.AppSpecificLanguageUpdate) {
-        settingsRepository.appLanguage = action.appLanguage
-    }
-
     private fun handleAppResumeDataUpdated(action: MainAction.ResumeScreenDataReceived) {
         when (val data = action.screenResumeData) {
             null -> appResumeManager.clearResumeScreen()
@@ -277,10 +234,6 @@ class MainViewModel @Inject constructor(
         recreateUiAndGarbageCollect()
     }
 
-    private fun handleDynamicColorsUpdate(action: MainAction.Internal.DynamicColorsUpdate) {
-        mutableStateFlow.update { it.copy(isDynamicColorsEnabled = action.isDynamicColorsEnabled) }
-    }
-
     private fun handleFirstIntentReceived(action: MainAction.ReceiveFirstIntent) {
         handleIntent(
             intent = action.intent,
@@ -321,10 +274,10 @@ class MainViewModel @Inject constructor(
         val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
         val hasVaultShortcut = intent.isMyVaultShortcut
         val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
+        val fido2CreateCredentialRequestData = intent.getFido2CreateCredentialRequestOrNull()
         val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
-        val createCredentialRequest = intent.getCreateCredentialRequestOrNull()
-        val getCredentialsRequest = intent.getGetCredentialsRequestOrNull()
-        val fido2AssertCredentialRequest = intent.getFido2AssertionRequestOrNull()
+        val fido2CredentialAssertionRequest = intent.getFido2AssertionRequestOrNull()
+        val fido2GetCredentialsRequest = intent.getFido2GetCredentialsRequestOrNull()
         when {
             passwordlessRequestData != null -> {
                 authRepository.activeUserId?.let {
@@ -382,43 +335,41 @@ class MainViewModel @Inject constructor(
                     )
             }
 
-            createCredentialRequest != null -> {
+            fido2CreateCredentialRequestData != null -> {
                 // Set the user's verification status when a new FIDO 2 request is received to force
                 // explicit verification if the user's vault is unlocked when the request is
                 // received.
-                bitwardenCredentialManager.isUserVerified =
-                    createCredentialRequest.isUserPreVerified
-
+                fido2CreateCredentialRequestData.isUserVerified
+                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
                 specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ProviderCreateCredential(
-                        createCredentialRequest = createCredentialRequest,
+                    SpecialCircumstance.Fido2Save(
+                        fido2CreateCredentialRequest = fido2CreateCredentialRequestData,
                     )
 
                 // Switch accounts if the selected user is not the active user.
                 if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != createCredentialRequest.userId
+                    authRepository.activeUserId != fido2CreateCredentialRequestData.userId
                 ) {
-                    authRepository.switchAccount(createCredentialRequest.userId)
+                    authRepository.switchAccount(fido2CreateCredentialRequestData.userId)
                 }
             }
 
-            fido2AssertCredentialRequest != null -> {
-                // Set the user's verification status when a new FIDO 2 request is received to force
-                // explicit verification if the user's vault is unlocked when the request is
-                // received.
-                bitwardenCredentialManager.isUserVerified =
-                    fido2AssertCredentialRequest.isUserPreVerified
-
+            fido2CredentialAssertionRequest != null -> {
+                // If device biometric verification was performed as part of single-tap
+                // authentication, set the user's verification state to the device result.
+                // Otherwise, retain the verification state as-is.
+                fido2CredentialAssertionRequest.isUserVerified
+                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
                 specialCircumstanceManager.specialCircumstance =
                     SpecialCircumstance.Fido2Assertion(
-                        fido2AssertionRequest = fido2AssertCredentialRequest,
+                        fido2AssertionRequest = fido2CredentialAssertionRequest,
                     )
             }
 
-            getCredentialsRequest != null -> {
+            fido2GetCredentialsRequest != null -> {
                 specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ProviderGetCredentials(
-                        getCredentialsRequest = getCredentialsRequest,
+                    SpecialCircumstance.Fido2GetCredentials(
+                        fido2GetCredentialsRequest = fido2GetCredentialsRequest,
                     )
             }
 
@@ -494,17 +445,7 @@ class MainViewModel @Inject constructor(
 data class MainState(
     val theme: AppTheme,
     val isScreenCaptureAllowed: Boolean,
-    val isDynamicColorsEnabled: Boolean,
-    private val isErrorReportingDialogEnabled: Boolean,
-) : Parcelable {
-    /**
-     * Contains all feature flags that are available to the UI.
-     */
-    val featureFlagsState: FeatureFlagsState
-        get() = FeatureFlagsState(
-            isErrorReportingDialogEnabled = isErrorReportingDialogEnabled,
-        )
-}
+) : Parcelable
 
 /**
  * Models actions for the [MainActivity].
@@ -530,12 +471,6 @@ sealed class MainAction {
      */
     data class ResumeScreenDataReceived(val screenResumeData: AppResumeScreenData?) : MainAction()
 
-    /**
-     * Receive if there is an app specific locale selection made by user
-     * in the device's settings.
-     */
-    data class AppSpecificLanguageUpdate(val appLanguage: AppLanguage) : MainAction()
-
     /**
      * Actions for internal use by the ViewModel.
      */
@@ -548,13 +483,6 @@ sealed class MainAction {
             val cipherView: CipherView,
         ) : Internal()
 
-        /**
-         * Indicates the Mobile Error Reporting feature flag has been updated.
-         */
-        data class OnMobileErrorReportingReceive(
-            val isErrorReportingEnabled: Boolean,
-        ) : Internal()
-
         /**
          * Indicates the user has manually selected the given [cipherView] for autofill.
          */
@@ -585,13 +513,6 @@ sealed class MainAction {
          * Indicates a relevant change in the current vault lock state.
          */
         data object VaultUnlockStateChange : Internal()
-
-        /**
-         * Indicates that the dynamic colors state has changed.
-         */
-        data class DynamicColorsUpdate(
-            val isDynamicColorsEnabled: Boolean,
-        ) : Internal()
     }
 }
 

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt

@@ -1,11 +1,11 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk
 
-import com.bitwarden.network.model.SyncResponseJson
-import com.bitwarden.network.provider.AppIdProvider
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
+import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
+import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import java.time.Instant
 
@@ -13,7 +13,7 @@ import java.time.Instant
  * Primary access point for disk information.
  */
 @Suppress("TooManyFunctions")
-interface AuthDiskSource : AppIdProvider {
+interface AuthDiskSource {
 
     /**
      * The currently persisted authenticator sync symmetric key. This key is used for
@@ -21,6 +21,13 @@ interface AuthDiskSource : AppIdProvider {
      */
     var authenticatorSyncSymmetricKey: ByteArray?
 
+    /**
+     * Retrieves a unique ID for the application that is stored locally. This will generate a new
+     * one if it does not yet exist and it will only be reset for new installs or when clearing
+     * application data.
+     */
+    val uniqueAppId: String
+
     /**
      * The currently persisted saved email address (or `null` if not set).
      */
@@ -337,6 +344,16 @@ interface AuthDiskSource : AppIdProvider {
      */
     fun getShowImportLoginsFlow(userId: String): Flow<Boolean?>
 
+    /**
+     * Gets the new device notice state for the given [userId].
+     */
+    fun getNewDeviceNoticeState(userId: String): NewDeviceNoticeState
+
+    /**
+     * Stores the new device notice state for the given [userId].
+     */
+    fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?)
+
     /**
      * Gets the last lock timestamp for the given [userId].
      */

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt

@@ -1,15 +1,17 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk
 
 import android.content.SharedPreferences
-import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
-import com.bitwarden.core.data.util.decodeFromStringOrNull
-import com.bitwarden.data.datasource.disk.BaseEncryptedDiskSource
-import com.bitwarden.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
+import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeDisplayStatus
+import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
+import com.x8bit.bitwarden.data.platform.datasource.disk.BaseEncryptedDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
+import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
+import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
+import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.onSubscription
@@ -47,6 +49,7 @@ private const val TDE_LOGIN_COMPLETE = "tdeLoginComplete"
 private const val USES_KEY_CONNECTOR = "usesKeyConnector"
 private const val ONBOARDING_STATUS_KEY = "onboardingStatus"
 private const val SHOW_IMPORT_LOGINS_KEY = "showImportLogins"
+private const val NEW_DEVICE_NOTICE_STATE = "newDeviceNoticeState"
 private const val LAST_LOCK_TIMESTAMP = "lastLockTimestamp"
 
 /**
@@ -486,6 +489,22 @@ class AuthDiskSourceImpl(
         getMutableShowImportLoginsFlow(userId)
             .onSubscription { emit(getShowImportLogins(userId)) }
 
+    override fun getNewDeviceNoticeState(userId: String): NewDeviceNoticeState {
+        return getString(key = NEW_DEVICE_NOTICE_STATE.appendIdentifier(userId))?.let {
+            json.decodeFromStringOrNull(it)
+        } ?: NewDeviceNoticeState(
+            displayStatus = NewDeviceNoticeDisplayStatus.HAS_NOT_SEEN,
+            lastSeenDate = null,
+        )
+    }
+
+    override fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?) {
+        putString(
+            key = NEW_DEVICE_NOTICE_STATE.appendIdentifier(userId),
+            value = newState?.let { json.encodeToString(it) },
+        )
+    }
+
     override fun getLastLockTimestamp(userId: String): Instant? {
         return getLong(key = LAST_LOCK_TIMESTAMP.appendIdentifier(userId))?.let {
             Instant.ofEpochMilli(it)

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/di/AuthDiskModule.kt

@@ -1,10 +1,10 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk.di
 
 import android.content.SharedPreferences
-import com.bitwarden.data.datasource.disk.di.EncryptedPreferences
-import com.bitwarden.data.datasource.disk.di.UnencryptedPreferences
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSourceImpl
+import com.x8bit.bitwarden.data.platform.datasource.di.EncryptedPreferences
+import com.x8bit.bitwarden.data.platform.datasource.di.UnencryptedPreferences
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
 import dagger.Module
 import dagger.Provides

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/AccountJson.kt

@@ -1,8 +1,7 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk.model
 
-import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
-import com.bitwarden.network.model.KdfTypeJson
-import com.bitwarden.network.model.UserDecryptionOptionsJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson
 import kotlinx.serialization.Contextual
 import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/EnvironmentUrlDataJson.kt

@@ -1,6 +1,5 @@
-package com.bitwarden.data.datasource.disk.model
+package com.x8bit.bitwarden.data.auth.datasource.disk.model
 
-import com.bitwarden.data.repository.model.EnvironmentRegion
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
 
@@ -42,16 +41,6 @@ data class EnvironmentUrlDataJson(
     @SerialName("events")
     val events: String? = null,
 ) {
-    /**
-     * Returns the [EnvironmentRegion] based on the base domain for the US or EU environments.
-     */
-    val environmentRegion: EnvironmentRegion
-        get() = when (base) {
-            DEFAULT_US.base -> EnvironmentRegion.UNITED_STATES
-            DEFAULT_EU.base -> EnvironmentRegion.EUROPEAN_UNION
-            else -> EnvironmentRegion.SELF_HOSTED
-        }
-
     @Suppress("UndocumentedPublicClass")
     companion object {
         /**

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/NewDeviceNoticeDisplayStatus.kt

@@ -0,0 +1,60 @@
+package com.x8bit.bitwarden.data.auth.datasource.disk.model
+
+import kotlinx.serialization.Contextual
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+import java.time.ZonedDateTime
+
+/**
+ * Describes the current display status of the new device notice screen.
+ */
+@Serializable
+enum class NewDeviceNoticeDisplayStatus {
+    /**
+     * The user has seen the screen and indicated they can access their email.
+     */
+    @SerialName("canAccessEmail")
+    CAN_ACCESS_EMAIL,
+
+    /**
+     * The user has indicated they can access their email
+     * as specified by the Permanent mode of the notice.
+     */
+    @SerialName("canAccessEmailPermanent")
+    CAN_ACCESS_EMAIL_PERMANENT,
+
+    /**
+     * The user has not seen the screen.
+     */
+    @SerialName("hasNotSeen")
+    HAS_NOT_SEEN,
+
+    /**
+     * The user has seen the screen and selected "remind me later".
+     */
+    @SerialName("hasSeen")
+    HAS_SEEN,
+}
+
+/**
+ * The state of the new device notice screen.
+ */
+@Suppress("MagicNumber")
+@Serializable
+data class NewDeviceNoticeState(
+    @SerialName("displayStatus")
+    val displayStatus: NewDeviceNoticeDisplayStatus,
+
+    @SerialName("lastSeenDate")
+    @Contextual
+    val lastSeenDate: ZonedDateTime?,
+) {
+    /**
+     * Whether the [lastSeenDate] is at least 7 days old.
+     */
+    val shouldDisplayNoticeIfSeen = lastSeenDate
+        ?.isBefore(
+            ZonedDateTime.now().minusDays(7),
+        )
+        ?: false
+}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAccountsApi.kt

@@ -1,11 +1,11 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.CreateAccountKeysRequest
-import com.bitwarden.network.model.DeleteAccountRequestJson
-import com.bitwarden.network.model.NetworkResult
-import com.bitwarden.network.model.ResetPasswordRequestJson
-import com.bitwarden.network.model.SetPasswordRequestJson
-import com.bitwarden.network.model.VerifyOtpRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.CreateAccountKeysRequest
+import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.HTTP
 import retrofit2.http.POST
@@ -13,7 +13,7 @@ import retrofit2.http.POST
 /**
  * Defines raw calls under the /accounts API with authentication applied.
  */
-internal interface AuthenticatedAccountsApi {
+interface AuthenticatedAccountsApi {
 
     /**
      * Converts the currently active account to a key-connector account.

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAuthRequestsApi.kt

@@ -1,9 +1,9 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.AuthRequestRequestJson
-import com.bitwarden.network.model.AuthRequestUpdateRequestJson
-import com.bitwarden.network.model.AuthRequestsResponseJson
-import com.bitwarden.network.model.NetworkResult
+import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestUpdateRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.GET
 import retrofit2.http.Header
@@ -14,7 +14,7 @@ import retrofit2.http.Path
 /**
  * Defines authenticated raw calls under the /auth-requests API.
  */
-internal interface AuthenticatedAuthRequestsApi {
+interface AuthenticatedAuthRequestsApi {
 
     /**
      * Notifies the server of a new admin authentication request.

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedDevicesApi.kt

@@ -1,9 +1,9 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
 import androidx.annotation.Keep
-import com.bitwarden.network.model.NetworkResult
-import com.bitwarden.network.model.TrustedDeviceKeysRequestJson
-import com.bitwarden.network.model.TrustedDeviceKeysResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.PUT
 import retrofit2.http.Path
@@ -12,7 +12,7 @@ import retrofit2.http.Path
  * Defines raw calls under the /devices API that require authentication.
  */
 @Keep
-internal interface AuthenticatedDevicesApi {
+interface AuthenticatedDevicesApi {
     @PUT("/devices/{appId}/keys")
     suspend fun updateTrustedDeviceKeys(
         @Path(value = "appId") appId: String,

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedKeyConnectorApi.kt

@@ -1,8 +1,8 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
 import androidx.annotation.Keep
-import com.bitwarden.network.model.KeyConnectorMasterKeyRequestJson
-import com.bitwarden.network.model.NetworkResult
+import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.POST
 import retrofit2.http.Url
@@ -11,7 +11,7 @@ import retrofit2.http.Url
  * Defines raw calls specific for key connectors that use custom urls.
  */
 @Keep
-internal interface AuthenticatedKeyConnectorApi {
+interface AuthenticatedKeyConnectorApi {
     @POST
     suspend fun storeMasterKeyToKeyConnector(
         @Url url: String,

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedOrganizationApi.kt

@@ -1,19 +1,18 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.NetworkResult
-import com.bitwarden.network.model.OrganizationAutoEnrollStatusResponseJson
-import com.bitwarden.network.model.OrganizationKeysResponseJson
-import com.bitwarden.network.model.OrganizationResetPasswordEnrollRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationResetPasswordEnrollRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.GET
-import retrofit2.http.POST
 import retrofit2.http.PUT
 import retrofit2.http.Path
 
 /**
  * Defines raw calls under the authenticated /organizations API.
  */
-internal interface AuthenticatedOrganizationApi {
+interface AuthenticatedOrganizationApi {
     /**
      * Enrolls this user in the organization's password reset.
      */
@@ -39,12 +38,4 @@ internal interface AuthenticatedOrganizationApi {
     suspend fun getOrganizationKeys(
         @Path("id") organizationId: String,
     ): NetworkResult<OrganizationKeysResponseJson>
-
-    /**
-     * Leaves the organization
-     */
-    @POST("/organizations/{id}/leave")
-    suspend fun leaveOrganization(
-        @Path("id") organizationId: String,
-    ): NetworkResult<Unit>
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/HaveIBeenPwnedApi.kt

@@ -1,6 +1,6 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.NetworkResult
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import okhttp3.ResponseBody
 import retrofit2.http.GET
 import retrofit2.http.Path
@@ -9,7 +9,7 @@ import retrofit2.http.Path
  * Defines endpoints for the "have I been pwned" API. For docs see
  * https://haveibeenpwned.com/API/v2.
  */
-internal interface HaveIBeenPwnedApi {
+interface HaveIBeenPwnedApi {
 
     @GET("/range/{hashPrefix}")
     suspend fun fetchBreachedPasswords(

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAccountsApi.kt

@@ -1,11 +1,11 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.KeyConnectorKeyRequestJson
-import com.bitwarden.network.model.NetworkResult
-import com.bitwarden.network.model.PasswordHintRequestJson
-import com.bitwarden.network.model.ResendEmailRequestJson
-import com.bitwarden.network.model.ResendNewDeviceOtpRequestJson
-import com.bitwarden.network.util.HEADER_KEY_AUTHORIZATION
+import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
+import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
 import retrofit2.http.Body
 import retrofit2.http.Header
 import retrofit2.http.POST
@@ -13,7 +13,7 @@ import retrofit2.http.POST
 /**
  * Defines raw calls under the /accounts API.
  */
-internal interface UnauthenticatedAccountsApi {
+interface UnauthenticatedAccountsApi {
     @POST("/accounts/password-hint")
     suspend fun passwordHintRequest(
         @Body body: PasswordHintRequestJson,

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAuthRequestsApi.kt

@@ -1,8 +1,8 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.AuthRequestRequestJson
-import com.bitwarden.network.model.AuthRequestsResponseJson
-import com.bitwarden.network.model.NetworkResult
+import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.GET
 import retrofit2.http.Header
@@ -13,7 +13,7 @@ import retrofit2.http.Query
 /**
  * Defines unauthenticated raw calls under the /auth-requests API.
  */
-internal interface UnauthenticatedAuthRequestsApi {
+interface UnauthenticatedAuthRequestsApi {
 
     /**
      * Notifies the server of a new authentication request.

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedDevicesApi.kt

@@ -1,13 +1,13 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.NetworkResult
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.GET
 import retrofit2.http.Header
 
 /**
  * Defines raw calls under the /devices API that do not require authentication.
  */
-internal interface UnauthenticatedDevicesApi {
+interface UnauthenticatedDevicesApi {
     @GET("/devices/knowndevice")
     suspend fun getIsKnownDevice(
         @Header(value = "X-Request-Email") emailAddress: String,

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedIdentityApi.kt

@@ -1,16 +1,16 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
-import com.bitwarden.network.model.GetTokenResponseJson
-import com.bitwarden.network.model.NetworkResult
-import com.bitwarden.network.model.PreLoginRequestJson
-import com.bitwarden.network.model.PreLoginResponseJson
-import com.bitwarden.network.model.PrevalidateSsoResponseJson
-import com.bitwarden.network.model.RefreshTokenResponseJson
-import com.bitwarden.network.model.RegisterFinishRequestJson
-import com.bitwarden.network.model.RegisterRequestJson
-import com.bitwarden.network.model.RegisterResponseJson
-import com.bitwarden.network.model.SendVerificationEmailRequestJson
-import com.bitwarden.network.model.VerifyEmailTokenRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterFinishRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import kotlinx.serialization.json.JsonPrimitive
 import retrofit2.Call
 import retrofit2.http.Body
@@ -24,7 +24,7 @@ import retrofit2.http.Query
 /**
  * Defines raw calls under the /identity API.
  */
-internal interface UnauthenticatedIdentityApi {
+interface UnauthenticatedIdentityApi {
 
     @POST("/connect/token")
     @Suppress("LongParameterList")
@@ -53,7 +53,7 @@ internal interface UnauthenticatedIdentityApi {
     @GET("/sso/prevalidate")
     suspend fun prevalidateSso(
         @Query("domainHint") organizationIdentifier: String,
-    ): NetworkResult<PrevalidateSsoResponseJson.Success>
+    ): NetworkResult<PrevalidateSsoResponseJson>
 
     /**
      * This call needs to be synchronous so we need it to return a [Call] directly. The identity

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedKeyConnectorApi.kt

@@ -1,10 +1,10 @@
-package com.bitwarden.network.api
+package com.x8bit.bitwarden.data.auth.datasource.network.api
 
 import androidx.annotation.Keep
-import com.bitwarden.network.model.KeyConnectorMasterKeyRequestJson
-import com.bitwarden.network.model.KeyConnectorMasterKeyResponseJson
-import com.bitwarden.network.model.NetworkResult
-import com.bitwarden.network.util.HEADER_KEY_AUTHORIZATION
+import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
+import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
 import retrofit2.http.Body
 import retrofit2.http.GET
 import retrofit2.http.Header
@@ -15,7 +15,7 @@ import retrofit2.http.Url
  * Defines raw calls specific for key connectors that use custom urls.
  */
 @Keep
-internal interface UnauthenticatedKeyConnectorApi {
+interface UnauthenticatedKeyConnectorApi {
     @POST
     suspend fun storeMasterKeyToKeyConnector(
         @Url url: String,

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedOrganizationApi.kt

@@ -0,0 +1,30 @@
+package com.x8bit.bitwarden.data.auth.datasource.network.api
+
+import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsRequest
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
+import retrofit2.http.Body
+import retrofit2.http.POST
+
+/**
+ * Defines raw calls under the /organizations API.
+ */
+interface UnauthenticatedOrganizationApi {
+    /**
+     * Checks for the claimed domain organization of an email for SSO purposes.
+     */
+    @POST("/organizations/domain/sso/details")
+    suspend fun getClaimedDomainOrganizationDetails(
+        @Body body: OrganizationDomainSsoDetailsRequestJson,
+    ): NetworkResult<OrganizationDomainSsoDetailsResponseJson>
+
+    /**
+     * Checks for the verfied organization domains of an email for SSO purposes.
+     */
+    @POST("/organizations/domain/sso/verified")
+    suspend fun getVerifiedOrganizationDomainsByEmail(
+        @Body body: VerifiedOrganizationDomainSsoDetailsRequest,
+    ): NetworkResult<VerifiedOrganizationDomainSsoDetailsResponse>
+}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt

@@ -0,0 +1,102 @@
+package com.x8bit.bitwarden.data.auth.datasource.network.di
+
+import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsServiceImpl
+import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsServiceImpl
+import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesServiceImpl
+import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedServiceImpl
+import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityServiceImpl
+import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestServiceImpl
+import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
+import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationServiceImpl
+import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
+import dagger.Module
+import dagger.Provides
+import dagger.hilt.InstallIn
+import dagger.hilt.components.SingletonComponent
+import kotlinx.serialization.json.Json
+import retrofit2.create
+import javax.inject.Singleton
+
+/**
+ * Provides network dependencies in the auth package.
+ */
+@Module
+@InstallIn(SingletonComponent::class)
+object AuthNetworkModule {
+
+    @Provides
+    @Singleton
+    fun providesAccountService(
+        retrofits: Retrofits,
+        json: Json,
+    ): AccountsService = AccountsServiceImpl(
+        unauthenticatedAccountsApi = retrofits.unauthenticatedApiRetrofit.create(),
+        authenticatedAccountsApi = retrofits.authenticatedApiRetrofit.create(),
+        unauthenticatedKeyConnectorApi = retrofits.createStaticRetrofit().create(),
+        authenticatedKeyConnectorApi = retrofits
+            .createStaticRetrofit(isAuthenticated = true)
+            .create(),
+        json = json,
+    )
+
+    @Provides
+    @Singleton
+    fun providesAuthRequestsService(
+        retrofits: Retrofits,
+    ): AuthRequestsService = AuthRequestsServiceImpl(
+        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
+    )
+
+    @Provides
+    @Singleton
+    fun providesDevicesService(
+        retrofits: Retrofits,
+    ): DevicesService = DevicesServiceImpl(
+        authenticatedDevicesApi = retrofits.authenticatedApiRetrofit.create(),
+        unauthenticatedDevicesApi = retrofits.unauthenticatedApiRetrofit.create(),
+    )
+
+    @Provides
+    @Singleton
+    fun providesIdentityService(
+        retrofits: Retrofits,
+        json: Json,
+    ): IdentityService = IdentityServiceImpl(
+        unauthenticatedIdentityApi = retrofits.unauthenticatedIdentityRetrofit.create(),
+        json = json,
+    )
+
+    @Provides
+    @Singleton
+    fun providesHaveIBeenPwnedService(
+        retrofits: Retrofits,
+    ): HaveIBeenPwnedService = HaveIBeenPwnedServiceImpl(
+        api = retrofits
+            .createStaticRetrofit(baseUrl = "https://api.pwnedpasswords.com")
+            .create(),
+    )
+
+    @Provides
+    @Singleton
+    fun providesNewAuthRequestService(
+        retrofits: Retrofits,
+    ): NewAuthRequestService = NewAuthRequestServiceImpl(
+        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
+        unauthenticatedAuthRequestsApi = retrofits.unauthenticatedApiRetrofit.create(),
+    )
+
+    @Provides
+    @Singleton
+    fun providesOrganizationService(
+        retrofits: Retrofits,
+    ): OrganizationService = OrganizationServiceImpl(
+        authenticatedOrganizationApi = retrofits.authenticatedApiRetrofit.create(),
+        unauthenticatedOrganizationApi = retrofits.unauthenticatedApiRetrofit.create(),
+    )
+}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/AuthRequestRequestJson.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/AuthRequestTypeJson.kt

@@ -1,7 +1,7 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import androidx.annotation.Keep
-import com.bitwarden.core.data.serializer.BaseEnumeratedIntSerializer
+import com.x8bit.bitwarden.data.platform.datasource.network.serializer.BaseEnumeratedIntSerializer
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
 

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/AuthRequestUpdateRequestJson.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/AuthRequestsResponseJson.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import kotlinx.serialization.Contextual
 import kotlinx.serialization.SerialName

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/CreateAccountKeysRequest.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/DeleteAccountRequestJson.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/DeleteAccountResponseJson.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
@@ -16,27 +16,13 @@ sealed class DeleteAccountResponseJson {
     /**
      * Models the json body of a deletion error.
      *
-     * @param errorMessage a human readable error message.
      * @param validationErrors a map where each value is a list of error messages for each key.
      * The values in the array should be used for display to the user, since the keys tend to come
      * back as nonsense. (eg: empty string key)
      */
     @Serializable
     data class Invalid(
-        @SerialName("message")
-        private val errorMessage: String?,
-
         @SerialName("validationErrors")
-        private val validationErrors: Map<String, List<String?>>?,
-    ) : DeleteAccountResponseJson() {
-        /**
-         * A human readable error message.
-         */
-        val message: String?
-            get() = validationErrors
-                ?.values
-                ?.firstOrNull()
-                ?.firstOrNull()
-                ?: errorMessage
-    }
+        val validationErrors: Map<String, List<String?>>?,
+    ) : DeleteAccountResponseJson()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/GetTokenResponseJson.kt

@@ -1,9 +1,7 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
-import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.JsonNames
 import kotlinx.serialization.json.JsonObject
 
 /**
@@ -94,21 +92,20 @@ sealed class GetTokenResponseJson {
 
     /**
      * Models json body of an invalid request.
-     *
-     * This model supports older versions of the error response model that used lower-case keys.
      */
-    @OptIn(ExperimentalSerializationApi::class)
     @Serializable
     data class Invalid(
-        @JsonNames("errorModel")
         @SerialName("ErrorModel")
-        private val errorModel: ErrorModel?,
+        val errorModel: ErrorModel?,
+        @SerialName("errorModel")
+        val legacyErrorModel: LegacyErrorModel?,
     ) : GetTokenResponseJson() {
 
         /**
          * The error message returned from the server, or null.
          */
-        val errorMessage: String? get() = errorModel?.errorMessage
+        val errorMessage: String?
+            get() = errorModel?.errorMessage ?: legacyErrorModel?.errorMessage
 
         /**
          * The type of invalid responses that can be received.
@@ -119,11 +116,6 @@ sealed class GetTokenResponseJson {
              */
             data object NewDeviceVerification : InvalidType()
 
-            /**
-             * Represents an invalid response indicating that a new device verification is required.
-             */
-            data object EncryptionKeyMigrationRequired : InvalidType()
-
             /**
              * Represents generic invalid response
              */
@@ -133,28 +125,30 @@ sealed class GetTokenResponseJson {
         val invalidType: InvalidType
             get() = if (errorMessage?.lowercase() == "new device verification required") {
                 InvalidType.NewDeviceVerification
-            } else if (errorMessage
-                ?.lowercase()
-                ?.contains(
-                    "encryption key migration is required. please log in to the web vault at",
-                ) == true) {
-                    InvalidType.EncryptionKeyMigrationRequired
             } else {
                 InvalidType.GenericInvalid
             }
 
         /**
          * The error body of an invalid request containing a message.
-         *
-         * This model supports older versions of the error response model that used lower-case
-         * keys.
          */
         @Serializable
         data class ErrorModel(
-            @JsonNames("message")
             @SerialName("Message")
             val errorMessage: String,
         )
+
+        /**
+         * The legacy error body of an invalid request containing a message.
+         *
+         * This model is used to support older versions of the error response model that used
+         * lower-case keys.
+         */
+        @Serializable
+        data class LegacyErrorModel(
+            @SerialName("message")
+            val errorMessage: String,
+        )
     }
 
     /**

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/IdentityTokenAuthModel.kt

@@ -1,4 +1,4 @@
-package com.bitwarden.network.model
+package com.x8bit.bitwarden.data.auth.datasource.network.model
 
 /**
  * Hold the authentication information for different login methods.