[PM-21357] Migrate ModifierExtensions to ui module (#5215 )

[PM-21386] Fix typo in sync with Bitwarden message (#5220 )
PM-21080: Remove the isRemotelyConfigured flag (#5193 )
2026-05-09 13:29:18 -05:00 · 2025-05-19 20:02:52 +00:00 · 2025-05-19 17:26:09 +00:00 · 2025-05-19 15:56:19 +00:00 · 2025-05-19 14:48:26 +00:00 · 2025-05-19 13:19:16 +00:00
1718 changed files with 115056 additions and 103157 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -5,7 +5,7 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

 # Default file owners.
-* @bitwarden/team-android @brian-livefront @david-livefront @dseverns-livefront @ahaisting-livefront @phil-livefront
+* @bitwarden/team-android @brian-livefront @david-livefront

 # Actions and workflow changes.
 .github/ @bitwarden/dept-development-mobile
--- a/.github/ISSUE_TEMPLATE/bug-passkey.yml
+++ b/.github/ISSUE_TEMPLATE/bug-passkey.yml
@@ -0,0 +1,64 @@
+name: Passkey Bug Report
+description: File a Passkey / FIDO2 related bug report
+labels: [ "app:password-manager", "bug-passkey" ]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this Passkey-related bug report!
+
+        Please provide as much detail as possible to help us investigate the issue.
+
+  - type: dropdown
+    id: origin
+    attributes:
+      label: Origin
+      description: Are you using a web browser or a native application?
+      options:
+        - Web (Browser)
+        - Native Application (non-browser app)
+    validations:
+      required: true
+
+  - type: input
+    id: rp-id
+    attributes:
+      label: Web URL or App name
+      description: The website domain or app name you were trying to use the Passkey with
+      placeholder: "e.g. example.com or ExampleApp"
+    validations:
+      required: true
+
+  - type: checkboxes
+    id: operation-type
+    attributes:
+      label: Passkey Action
+      description: What passkey related action(s) were you trying to perform?
+      options:
+        - label: Creating new passkey (Registration)
+        - label: Signing in (Authentication)
+    validations:
+      required: true
+
+  - type: textarea
+    id: build-info
+    attributes:
+      label: Build Information
+      description: Please retrieve the build information from the About screen by tapping the Version number field
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional Information
+      description: Any additional context, steps to reproduce, error messages, or relevant information about the issue
+
+  - type: checkboxes
+    id: issue-tracking-info
+    attributes:
+      label: Issue Tracking Info
+      description: |
+        Issue tracking information
+      options:
+        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,33 +1,56 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>bitwarden/renovate-config"],
-  "enabledManagers": ["github-actions", "gradle", "bundler"],
+  "extends": [
+    "github>bitwarden/renovate-config"
+  ],
+  "enabledManagers": [
+    "github-actions",
+    "gradle",
+    "bundler"
+  ],
  "packageRules": [
    {
      "groupName": "gh minor",
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["minor", "patch"]
+      "matchManagers": [
+        "github-actions"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ]
    },
    {
      "groupName": "gradle minor",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": ["gradle"]
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "matchManagers": [
+        "gradle"
+      ]
    },
    {
      "groupName": "kotlin",
      "description": "Kotlin and Compose dependencies that must be updated together to maintain compatibility.",
-      "matchPackagePatterns": [
-        "androidx.compose:compose-bom",
-        "androidx.lifecycle:*",
-        "org.jetbrains.kotlin.*",
-        "com.google.devtools.ksp"
+      "matchManagers": [
+        "gradle"
      ],
-      "matchManagers": ["gradle"]
+      "matchPackageNames": [
+        "/androidx.compose:compose-bom/",
+        "/androidx.lifecycle:*/",
+        "/org.jetbrains.kotlin.*/",
+        "/com.google.devtools.ksp/"
+      ]
    },
    {
      "groupName": "bundler minor",
-      "matchUpdateTypes": ["minor", "patch"],
-      "matchManagers": ["bundler"]
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "matchManagers": [
+        "bundler"
+      ]
    }
  ]
 }
--- a/.github/scripts/release-notes/linked_issues.py
+++ b/.github/scripts/release-notes/linked_issues.py
@@ -1,64 +0,0 @@
-import sys
-import subprocess
-from typing import List
-
-def create_linked_issue_comment(repo_owner: str, repo_name: str, release_name: str, release_link: str, pr_numbers: List[int]) -> str:
-    if len(pr_numbers) == 0:
-        return ""
-
-    pr_links = [f"* https://github.com/{repo_owner}/{repo_name}/pull/{pr_number}" for pr_number in pr_numbers]
-
-    return f":shipit: Pull Request(s) linked to this issue released in [{release_name}]({release_link}):\n\n"+ "\n".join(pr_links)
-
-def comment_linked_issues_in_pr(owner: str, repo: str, pr_number: int) -> None:
-    """Use GitHub CLI to comment all issues linked to a PR.
-    """
-
-
-    linked_issues = get_linked_issues(owner, repo, pr_number)
-    for issue_number in linked_issues:
-        comment_github_issue(owner, repo, issue_number, comment)
-
-def comment_github_issue(owner: str, repo: str, issue_number: int, comment: str) -> None:
-    """Use GitHub CLI to comment on an issue.
-    """
-    subprocess.run([
-        'gh', 'issue', 'comment', str(issue_number), '--body', comment, '--repo', f'{owner}/{repo}'
-    ], check=True)
-
-def get_linked_issues(owner: str, repo: str, pr_number: int) -> List[int]:
-    """Use GitHub CLI to retrieve linked issue numbers for a PR.
-    """
-
-    query = """
-    query ($owner: String!, $repo: String!, $pr: Int!) {
-        repository(owner: $owner, name: $repo) {
-            pullRequest(number: $pr) {
-                closingIssuesReferences(first: 100) {
-                    nodes {
-                        number
-                    }
-                }
-            }
-        }
-    }
-    """
-
-    try:
-        result = subprocess.run([
-            'gh', 'api', 'graphql',
-            '-F', f'owner={owner}',
-            '-F', f'repo={repo}',
-            '-F', f'pr={pr_number}',
-            '-f', f'query={query}',
-            '--jq', '.data.repository.pullRequest.closingIssuesReferences.nodes[].number'
-        ], capture_output=True, text=True, check=True)
-
-        # Split output into lines and convert to integers
-        if result.stdout.strip():
-            return [int(num) for num in result.stdout.strip().split('\n')]
-        return []
-
-    except subprocess.CalledProcessError:
-        print(f"Error fetching linked issues for PR #{pr_number}")
-        return []
--- a/.github/scripts/release-notes/process_release_notes.py
+++ b/.github/scripts/release-notes/process_release_notes.py
@@ -1,112 +0,0 @@
-import re
-import sys
-import subprocess
-import json
-from typing import List, Tuple
-
-def extract_jira_tickets(line: str) -> List[str]:
-    # Find all Jira tickets in format ABC-123 (with any prefix/suffix)
-    return re.findall(r'[A-Z]+-\d+', line)
-
-def extract_pr_numbers(line: str) -> List[str]:
-    # Match PR numbers from GitHub format (#123)
-    return re.findall(r'#(\d+)', line)
-
-def process_line(line: str) -> str:
-    """Process a single line from release notes by removing Jira tickets, conventional commit prefixes and other common patterns.
-
-    Args:
-        line: A single line from release notes
-
-    Returns:
-        Processed line with tickets and prefixes removed
-
-    Example:
-        >>> process_line("[ABC-123] feat(ui): Add new button")
-        "Add new button"
-    """
-    original = line
-
-    # Remove Jira ticket patterns:
-    # line = re.sub(r'\[[A-Z]+-\d+\]', '', line) # [ABC-123] -> ""
-    # line = re.sub(r'[A-Z]+-\d+:\s', '', line) # ABC-123: -> ""
-    # line = re.sub(r'[A-Z]+-\d+\s-\s', '', line) # ABC-123 - -> ""
-
-    # Remove keywords and their variations
-    patterns = [
-        r'BACKPORT',              # BACKPORT -> ""
-        r'[deps]:',               # [deps]: -> ""
-        r'feat(?:\([^)]*\))?:',   # feat: or feat(ui): -> ""
-        r'bug(?:\([^)]*\))?:',    # bug: or bug(core): -> ""
-        r'ci(?:\([^)]*\))?:'      # ci: or ci(workflow): -> ""
-    ]
-    for pattern in patterns:
-        line = re.sub(pattern, '', line)
-
-    cleaned = line.strip()
-    if cleaned != original.strip():
-        print(f"Processed: {original.strip()} -> {cleaned}")
-    return cleaned
-
-def process_file(input_file: str) -> Tuple[List[str], List[str], List[str]]:
-    jira_tickets: List[str] = []
-    pr_numbers: List[str] = []
-    processed_lines: List[str] = []
-
-    print("Processing file: ", input_file)
-
-    with open(input_file, 'r') as f:
-        for line in f:
-            line = line.strip()
-            should_process = line and not line.endswith(':')
-
-            if should_process:
-                tickets = extract_jira_tickets(line)
-                jira_tickets.extend(tickets)
-
-                prs = extract_pr_numbers(line)
-                pr_numbers.extend(prs)
-                processed_lines.append(process_line(line))
-            else:
-                processed_lines.append(line)
-
-
-    # Remove duplicates while preserving order
-    jira_tickets = list(dict.fromkeys(jira_tickets))
-    pr_numbers = list(dict.fromkeys(pr_numbers))
-
-    print("Jira tickets:", ",".join(jira_tickets))
-    print("PR numbers:", ",".join(pr_numbers))
-    print("Finished processing file: ", input_file)
-    return jira_tickets, pr_numbers, processed_lines
-
-def save_results(jira_tickets: List[str], pr_numbers: List[str], processed_lines: List[str],
-                jira_file: str = 'jira_tickets.txt',
-                pr_file: str = 'pr_numbers.txt',
-                processed_file: str = 'processed_notes.txt') -> None:
-    with open(jira_file, 'w') as f:
-        f.write('\n'.join(jira_tickets))
-
-    with open(pr_file, 'w') as f:
-        f.write('\n'.join(pr_numbers))
-
-    with open(processed_file, 'w') as f:
-        f.write('\n'.join(processed_lines))
-
-if __name__ == '__main__':
-    input_file = 'release_notes.txt'
-    jira_file = 'jira_tickets.txt'
-    pr_file = 'pr_numbers.txt'
-    processed_file = 'processed_notes.txt'
-
-    if len(sys.argv) >= 2:
-        input_file = sys.argv[1]
-    if len(sys.argv) >= 3:
-        jira_file = sys.argv[2]
-    if len(sys.argv) >= 4:
-        pr_file = sys.argv[3]
-    if len(sys.argv) >= 5:
-        processed_file = sys.argv[4]
-
-    jira_tickets, pr_numbers, processed_lines = process_file(input_file)
-    save_results(jira_tickets, pr_numbers, processed_lines, jira_file, pr_file, processed_file)
--- a/.github/scripts/release-notes/pyproject.toml
+++ b/.github/scripts/release-notes/pyproject.toml
@@ -1,4 +0,0 @@
-[project]
-name = "release-notes-processor"
-description = "Process GitHub release notes to clean up formatting and extract relevant IDs."
-requires-python = ">=3.13"
--- a/.github/scripts/release-notes/test_linked_issues.py
+++ b/.github/scripts/release-notes/test_linked_issues.py
@@ -1,30 +0,0 @@
-import unittest
-from linked_issues import get_linked_issues, create_linked_issue_comment
-
-class TestLinkedIssues(unittest.TestCase):
-    def test_create_linked_issue_comment(self):
-        test_cases = [
-            ("bitwarden", "android", "v2025.1.0", "https://github.com/bitwarden/android/releases/tag/v2025.1.0", [4696]),
-            ("bitwarden", "android", "v2025.2.0", "https://github.com/bitwarden/android/releases/tag/v2025.2.0", [4809, 1, 2, 3]),
-            ("bitwarden", "android", "v2025.3.0", "https://github.com/bitwarden/android/releases/tag/v2025.3.0", []),
-        ]
-
-        for owner, repo, release_name, release_link, pr_numbers in test_cases:
-            with self.subTest(msg=f"Creating comment for issue in release {release_name}"):
-                comment = create_linked_issue_comment(owner, repo, release_name, release_link, pr_numbers)
-                print(comment + "\n")
-
-    def test_get_linked_issues(self):
-        test_cases = [
-            ("bitwarden", "android", 4696, [4659]),
-            ("bitwarden", "android", 4809, [])
-        ]
-
-        for owner, repo, pr_id, expected_linked_issues in test_cases:
-            with self.subTest(msg=f"Testing PR #{pr_id} for {owner}/{repo}"):
-                result = get_linked_issues(owner, repo, pr_id)
-                self.assertEqual(sorted(result), sorted(expected_linked_issues))
-
-
-if __name__ == '__main__':
-    unittest.main()
--- a/.github/scripts/release-notes/test_process_release_notes.py
+++ b/.github/scripts/release-notes/test_process_release_notes.py
@@ -1,95 +0,0 @@
-import unittest
-import tempfile
-import os
-from process_release_notes import extract_jira_tickets, extract_pr_numbers, process_line, process_file, get_linked_issues
-
-class TestProcessReleaseNotes(unittest.TestCase):
-    def setUp(self):
-        self.test_file = tempfile.NamedTemporaryFile(delete=False)
-
-    def tearDown(self):
-        os.unlink(self.test_file.name)
-
-    def test_extract_jira_tickets(self):
-        test_cases = [
-            ("[ABC-123] Some text", ["ABC-123"]),
-            ("DEF-456: Some text", ["DEF-456"]),
-            ("GHI-789 - Some text", ["GHI-789"]),
-            ("Multiple [ABC-123] and DEF-456: tickets", ["ABC-123", "DEF-456"]),
-            ("No tickets here", []),
-            ("Mixed formats ABC-123 [DEF-456] GHI-789:", ["ABC-123", "DEF-456", "GHI-789"])
-        ]
-        for input_text, expected in test_cases:
-            with self.subTest(input_text=input_text):
-                result = extract_jira_tickets(input_text)
-                self.assertEqual(result, expected)
-
-    def test_extract_pr_numbers(self):
-        test_cases = [
-            ("PR #123 text", ["123"]),
-            ("Multiple PRs #456 and #789", ["456", "789"]),
-            ("No PR numbers", [])
-        ]
-        for input_text, expected in test_cases:
-            with self.subTest(input_text=input_text):
-                result = extract_pr_numbers(input_text)
-                self.assertEqual(result, expected)
-
-    def test_process_line(self):
-        test_cases = [
-            ("[ABC-123] BACKPORT Some text", "Some text"),
-            ("DEF-456: feat(component): Some text", "Some text"),
-            ("GHI-789 - bug(fix): Some text", "Some text"),
-            ("ci: Some text", "Some text"),
-            ("ci(workflow): Some text", "Some text"),
-            ("feat: Direct feature", "Direct feature"),
-            ("bug: Simple bugfix", "Simple bugfix"),
-            ("Normal text", "Normal text")
-        ]
-        for input_text, expected in test_cases:
-            with self.subTest(input_text=input_text):
-                result = process_line(input_text)
-                self.assertEqual(result, expected)
-
-    def test_process_file(self):
-        content = """
-### Features:
-[ABC-123] feat(comp): Feature 1 #123
-DEF-456: bug(fix): Bug fix #456
-GHI-789 - BACKPORT Some text #789
-
-### Bug Fixes:
-Another line without changes
-"""
-        with open(self.test_file.name, 'w') as f:
-            f.write(content)
-
-        jira_tickets, pr_numbers, processed_lines = process_file(self.test_file.name)
-
-        self.assertEqual(jira_tickets, ["ABC-123", "DEF-456", "GHI-789"])
-        self.assertEqual(pr_numbers, ["123", "456", "789"])
-        self.assertEqual(processed_lines, [
-            '',
-            '### Features:',
-            'Feature 1 #123',
-            'Bug fix #456',
-            'Some text #789',
-            '',
-            '### Bug Fixes:',
-            'Another line without changes'
-        ])
-
-    def test_get_linked_issues(self):
-        test_cases = [
-            ("bitwarden", "android", 4696, [4659]),
-            ("bitwarden", "android", 4809, [])
-        ]
-
-        for owner, repo, pr_id, expected_linked_issues in test_cases:
-            with self.subTest(msg=f"Testing PR #{pr_id} for {owner}/{repo}"):
-                result = get_linked_issues(owner, repo, pr_id)
-                self.assertEqual(sorted(result), sorted(expected_linked_issues))
-
-
-if __name__ == '__main__':
-    unittest.main()
--- a/.github/scripts/validate-json/.python-version
+++ b/.github/scripts/validate-json/.python-version
@@ -0,0 +1 @@
+3.13
--- a/.github/scripts/validate-json/README.md
+++ b/.github/scripts/validate-json/README.md
@@ -0,0 +1,39 @@
+# JSON Validation Scripts
+
+Utility scripts for validating JSON files and checking for duplicate package names between Google and Community privileged browser lists.
+
+## Usage
+
+### Validate a JSON file
+
+```bash
+python validate_json.py validate <json_file>
+```
+
+### Check for duplicates between two JSON files
+
+```bash
+python validate_json.py duplicates <json_file1> <json_file2> [output_file]
+```
+
+If `output_file` is not specified, duplicates will be saved to `duplicates.txt`.
+
+## Running Tests
+
+```bash
+# Run all tests
+python -m unittest test_validate_json.py
+
+# Run the invalid JSON test individually
+python -m unittest test_validate_json.TestValidateJson.test_validate_json_invalid
+```
+
+## Examples
+
+```bash
+# Validate Google privileged browsers list
+python validate_json.py validate ../../app/src/main/assets/fido2_privileged_google.json
+
+# Check for duplicates between Google and Community lists
+python validate_json.py duplicates ../../app/src/main/assets/fido2_privileged_google.json ../../app/src/main/assets/fido2_privileged_community.json duplicates.txt
+```
--- a/.github/scripts/validate-json/fixtures/sample-invalid.json
+++ b/.github/scripts/validate-json/fixtures/sample-invalid.json
@@ -0,0 +1,20 @@
+{
+  "apps": [
+
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    }
+  ]
+}
--- a/.github/scripts/validate-json/fixtures/sample-valid1.json
+++ b/.github/scripts/validate-json/fixtures/sample-valid1.json
@@ -0,0 +1,48 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.dev",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.canary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
+          }
+        ]
+      }
+    }
+  ]
+}
--- a/.github/scripts/validate-json/fixtures/sample-valid2.json
+++ b/.github/scripts/validate-json/fixtures/sample-valid2.json
@@ -0,0 +1,20 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.chromium.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    }
+  ]
+}
--- a/.github/scripts/validate-json/test_validate_json.py
+++ b/.github/scripts/validate-json/test_validate_json.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+import unittest
+import os
+import json
+from validate_json import validate_json, find_duplicates, get_package_names
+from unittest.mock import patch
+import io
+
+
+class TestValidateJson(unittest.TestCase):
+    def setUp(self):
+        self.valid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid1.json")
+        self.valid_file2 = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid2.json")
+        self.invalid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-invalid.json")
+
+        # Suppress stdout
+        self.stdout_patcher = patch('sys.stdout', new=io.StringIO())
+        self.stdout_patcher.start()
+
+    def tearDown(self):
+        self.stdout_patcher.stop()
+
+    def test_validate_json_valid(self):
+        """Test validation of valid JSON file"""
+        self.assertTrue(validate_json(self.valid_file))
+
+    def test_validate_json_invalid(self):
+        """Test validation of invalid JSON file"""
+        self.assertFalse(validate_json(self.invalid_file))
+
+    def test_find_duplicates(self):
+        """Test when using the same file (should find duplicates)"""
+        expected_package_names = get_package_names(self.valid_file)
+
+        duplicates = find_duplicates(self.valid_file, self.valid_file)
+
+        self.assertEqual(len(duplicates), len(expected_package_names))
+        for package_name in expected_package_names:
+            self.assertIn(package_name, duplicates)
+
+    def test_find_duplicates_returns_empty_list_when_no_duplicates(self):
+        """Test when using different files (should not find duplicates)"""
+        duplicates = find_duplicates(self.valid_file, self.valid_file2)
+        self.assertEqual(len(duplicates), 0)
+
+
+if __name__ == "__main__":
+    unittest.main()
--- a/.github/scripts/validate-json/validate_json.py
+++ b/.github/scripts/validate-json/validate_json.py
@@ -0,0 +1,145 @@
+#!/usr/bin/env python3
+import json
+import sys
+import os
+from typing import List, Dict, Any, Set
+
+
+def get_package_names(file_path: str) -> Set[str]:
+    """
+    Extracts package names from a JSON file.
+
+    Args:
+        file_path: Path to the JSON file
+
+    Returns:
+        Set of package names
+    """
+    with open(file_path, 'r') as f:
+        data = json.load(f)
+
+    package_names = set()
+    for app in data["apps"]:
+        package_names.add(app["info"]["package_name"])
+
+    return package_names
+
+
+def validate_json(file_path: str) -> bool:
+    """
+    Validates if a JSON file is correctly formatted by attempting to deserialize it.
+
+    Args:
+        file_path: Path to the JSON file to validate
+
+    Returns:
+        True if valid, False otherwise
+    """
+    try:
+        if not os.path.exists(file_path):
+            print(f"Error: File {file_path} does not exist")
+            return False
+
+        with open(file_path, 'r') as f:
+            json.load(f)
+        print(f"✅ JSON file {file_path} is valid")
+        return True
+    except json.JSONDecodeError as e:
+        print(f"❌ Invalid JSON in {file_path}: {str(e)}")
+        return False
+    except Exception as e:
+        print(f"❌ Error validating {file_path}: {str(e)}")
+        return False
+
+
+def find_duplicates(file1_path: str, file2_path: str) -> List[str]:
+    """
+    Checks for duplicate package_name entries between two JSON files.
+
+    Args:
+        file1_path: Path to the first JSON file
+        file2_path: Path to the second JSON file
+
+    Returns:
+        List of duplicate package names, empty list if none found
+    """
+    try:
+        # Get package names from both files
+        packages1 = get_package_names(file1_path)
+        packages2 = get_package_names(file2_path)
+
+        # Find duplicates
+        duplicates = list(packages1.intersection(packages2))
+
+        if duplicates:
+            print(f"❌ Found {len(duplicates)} duplicate package names between {file1_path} and {file2_path}:")
+            for dup in duplicates:
+                print(f"  - {dup}")
+            return duplicates
+        else:
+            print(f"✅ No duplicate package names found between {file1_path} and {file2_path}")
+            return []
+
+    except Exception as e:
+        print(f"❌ Error checking duplicates: {str(e)}")
+        return []
+
+
+def save_duplicates_to_file(duplicates: List[str], output_file: str) -> None:
+    """
+    Saves the list of duplicates to a file.
+
+    Args:
+        duplicates: List of duplicate package names
+        output_file: Path to save the list of duplicates
+    """
+    try:
+        with open(output_file, 'w') as f:
+            for dup in duplicates:
+                f.write(f"{dup}\n")
+        print(f"Duplicates saved to {output_file}")
+    except Exception as e:
+        print(f"❌ Error saving duplicates to file: {str(e)}")
+
+
+def main():
+    if len(sys.argv) < 2:
+        print("Usage:")
+        print("  Validate JSON: python validate_json.py validate <json_file>")
+        print("  Check duplicates: python validate_json.py duplicates <json_file1> <json_file2> [output_file]")
+        sys.exit(1)
+
+    command = sys.argv[1]
+
+    match command:
+        case "validate":
+            if len(sys.argv) < 3:
+                print("Error: Missing JSON file path")
+                sys.exit(1)
+
+            file_path = sys.argv[2]
+            success = validate_json(file_path)
+            sys.exit(0 if success else 1)
+
+        case "duplicates":
+            if len(sys.argv) < 4:
+                print("Error: Missing JSON file paths")
+                sys.exit(1)
+
+            file1_path = sys.argv[2]
+            file2_path = sys.argv[3]
+            output_file = sys.argv[4] if len(sys.argv) > 4 else "duplicates.txt"
+
+            duplicates = find_duplicates(file1_path, file2_path)
+            if duplicates:
+                save_duplicates_to_file(duplicates, output_file)
+
+            sys.exit(0)
+
+        case _:
+            print(f"Unknown command: {command}")
+            sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
--- a/.github/workflows/build-authenticator.yml
+++ b/.github/workflows/build-authenticator.yml
@@ -39,10 +39,10 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.gradle/caches
@@ -52,7 +52,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -61,13 +61,13 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
        with:
          bundler-cache: true

@@ -78,7 +78,7 @@ jobs:
          bundle install --jobs 4 --retry 3

      - name: Check Authenticator
-        run: bundle exec fastlane checkAuthenticator
+        run: bundle exec fastlane check

      - name: Build Authenticator
        run: bundle exec fastlane buildAuthenticatorDebug
@@ -98,7 +98,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
        with:
          bundler-cache: true

@@ -162,10 +162,10 @@ jobs:
          json_key:${{ github.workspace }}/secrets/authenticator_play_store-creds.json }}

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.gradle/caches
@@ -175,7 +175,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -184,7 +184,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -224,7 +224,7 @@ jobs:

      - name: Upload release Play Store .aab artifact
        if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.bitwarden.authenticator.aab
          path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
@@ -232,7 +232,7 @@ jobs:

      - name: Upload release .apk artifact
        if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.bitwarden.authenticator.apk
          path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
@@ -252,7 +252,7 @@ jobs:

      - name: Upload .apk SHA file for release
        if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: authenticator-android-apk-sha256.txt
          path: ./authenticator-android-apk-sha256.txt
@@ -260,7 +260,7 @@ jobs:

      - name: Upload .aab SHA file for release
        if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: authenticator-android-aab-sha256.txt
          path: ./authenticator-android-aab-sha256.txt
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -40,10 +40,10 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.gradle/caches
@@ -53,7 +53,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -62,13 +62,13 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
        with:
          bundler-cache: true

@@ -85,7 +85,7 @@ jobs:
        run: bundle exec fastlane assembleDebugApks

      - name: Upload test reports on failure
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: failure()
        with:
          name: test-reports
@@ -106,7 +106,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
        with:
          bundler-cache: true

@@ -157,10 +157,10 @@ jobs:
          --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.gradle/caches
@@ -170,7 +170,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -179,7 +179,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -253,7 +253,7 @@ jobs:

      - name: Upload release Play Store .aab artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.aab
          path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
@@ -261,7 +261,7 @@ jobs:

      - name: Upload beta Play Store .aab artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.aab
          path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
@@ -269,7 +269,7 @@ jobs:

      - name: Upload release .apk artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.apk
          path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
@@ -277,7 +277,7 @@ jobs:

      - name: Upload beta .apk artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.apk
          path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
@@ -286,7 +286,7 @@ jobs:
      # When building variants other than 'prod'
      - name: Upload debug .apk artifact
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
          path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
@@ -324,7 +324,7 @@ jobs:

      - name: Upload .apk SHA file for release
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.apk-sha256.txt
          path: ./com.x8bit.bitwarden.apk-sha256.txt
@@ -332,7 +332,7 @@ jobs:

      - name: Upload .apk SHA file for beta
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.apk-sha256.txt
          path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
@@ -340,7 +340,7 @@ jobs:

      - name: Upload .aab SHA file for release
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.aab-sha256.txt
          path: ./com.x8bit.bitwarden.aab-sha256.txt
@@ -348,7 +348,7 @@ jobs:

      - name: Upload .aab SHA file for beta
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta.aab-sha256.txt
          path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
@@ -356,7 +356,7 @@ jobs:

      - name: Upload .apk SHA file for debug
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
          path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
@@ -405,7 +405,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
        with:
          bundler-cache: true

@@ -442,10 +442,10 @@ jobs:
          --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.gradle/caches
@@ -455,7 +455,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -464,7 +464,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -515,7 +515,7 @@ jobs:
          keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"

      - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden-fdroid.apk
          path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
@@ -527,14 +527,14 @@ jobs:
          > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt

      - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
          path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
          if-no-files-found: error

      - name: Upload F-Droid Beta .apk artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta-fdroid.apk
          path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
@@ -546,7 +546,7 @@ jobs:
          > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt

      - name: Upload F-Droid Beta SHA file
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
          path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
--- a/.github/workflows/cron-sync-google-priviledged-browsers.yml
+++ b/.github/workflows/cron-sync-google-priviledged-browsers.yml
@@ -0,0 +1,98 @@
+name: Cron / Sync Google Privileged Browsers List
+
+on:
+  schedule:
+    # Run weekly on Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+env:
+  SOURCE_URL: https://www.gstatic.com/gpm-passkeys-privileged-apps/apps.json
+  GOOGLE_FILE: app/src/main/assets/fido2_privileged_google.json
+  COMMUNITY_FILE: app/src/main/assets/fido2_privileged_community.json
+
+jobs:
+  sync-privileged-browsers:
+    name: Sync Google Privileged Browsers List
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+
+      - name: Download Google Privileged Browsers List
+        run: curl -s $SOURCE_URL -o $GOOGLE_FILE
+
+      - name: Check for changes
+        id: check-changes
+        run: |
+          if git diff --quiet -- $GOOGLE_FILE; then
+            echo "👀 No changes detected, skipping..."
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          echo "has_changes=true" >> $GITHUB_OUTPUT
+          echo "👀 Changes detected, validating fido2_privileged_google.json..."
+
+          python .github/scripts/validate-json/validate_json.py validate $GOOGLE_FILE
+          if [ $? -ne 0 ]; then
+            echo "::error::JSON validation failed for $GOOGLE_FILE"
+            exit 1
+          fi
+
+          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."
+
+          # Check for duplicates between Google and Community files
+          python .github/scripts/validate-json/validate_json.py duplicates $GOOGLE_FILE $COMMUNITY_FILE duplicates.txt
+
+          if [ -f duplicates.txt ]; then
+            echo "::warning::Duplicate package names found between Google and Community files."
+            echo "duplicates_found=true" >> $GITHUB_OUTPUT
+          else
+            echo "✅ No duplicate package names found between Google and Community files"
+            echo "duplicates_found=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create branch and commit
+        if: steps.check-changes.outputs.has_changes == 'true'
+        run: |
+          echo "👀 Committing fido2_privileged_google.json..."
+
+          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
+          git config user.name "GitHub Actions Bot"
+          git config user.email "actions@github.com"
+          git checkout -b $BRANCH_NAME
+          git add $GOOGLE_FILE
+          git commit -m "Update Google privileged browsers list"
+          git push origin $BRANCH_NAME
+          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+          echo "🌱 Branch created: $BRANCH_NAME"
+
+      - name: Create Pull Request
+        if: steps.check-changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DUPLICATES_FOUND: ${{ steps.check-changes.outputs.duplicates_found }}
+          BASE_PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/
+        run: |
+          PR_BODY="Updates the Google privileged browsers list with the latest data from $SOURCE_URL"
+
+          if [ "$DUPLICATES_FOUND" = "true" ]; then
+            PR_BODY="$PR_BODY\n\n> [!WARNING]\n> :suspect: The following package(s) appear in both Google and Community files:"
+            while IFS= read -r line; do
+              PR_BODY="$PR_BODY\n> - $line"
+            done < duplicates.txt
+          fi
+
+          # Use echo -e to interpret escape sequences and pipe to gh pr create
+          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+            --title "Update Google privileged browsers list" \
+            --body-file - \
+            --base main \
+            --head $BRANCH_NAME \
+            --label "automated-pr" \
+            --label "t:ci")
--- a/.github/workflows/crowdin-pull-authenticator.yml
+++ b/.github/workflows/crowdin-pull-authenticator.yml
@@ -29,14 +29,14 @@ jobs:
          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
        id: app-token
        with:
          app-id: ${{ secrets.BW_GHAPP_ID }}
          private-key: ${{ secrets.BW_GHAPP_KEY }}

      - name: Download translations
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -29,14 +29,14 @@ jobs:
          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
        id: app-token
        with:
          app-id: ${{ secrets.BW_GHAPP_ID }}
          private-key: ${{ secrets.BW_GHAPP_KEY }}

      - name: Download translations
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
--- a/.github/workflows/crowdin-push-authenticator.yml
+++ b/.github/workflows/crowdin-push-authenticator.yml
@@ -20,7 +20,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Upload sources
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
--- a/.github/workflows/crowdin-push.yml
+++ b/.github/workflows/crowdin-push.yml
@@ -29,7 +29,7 @@ jobs:
          secrets: "crowdin-api-token"

      - name: Upload sources
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -95,7 +95,7 @@ jobs:

      - name: Create Release
        id: create_release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
        with:
          tag_name: "v${{ inputs.version-name }}"
          name: "${{ inputs.version-name }} (${{ inputs.version-number }})"
--- a/.github/workflows/scan-authenticator.yml
+++ b/.github/workflows/scan-authenticator.yml
@@ -1,76 +0,0 @@
-name: Scan Authenticator
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2
-        with:
-          sarif_file: cx_result.sarif
-
-  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
--- a/.github/workflows/scan-ci.yml
+++ b/.github/workflows/scan-ci.yml
@@ -21,7 +21,7 @@ jobs:
          fetch-depth: 0

      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
        with:
          project_name: ${{ github.repository }}
          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
@@ -34,7 +34,7 @@ jobs:
            --output-path .

      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
        with:
          sarif_file: cx_result.sarif

@@ -51,11 +51,10 @@ jobs:
          fetch-depth: 0

      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
+        uses: sonarsource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.organization=${{ github.repository_owner }}
            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -2,8 +2,14 @@ name: Scan Pull Requests

 on:
  workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
  pull_request_target:
-    types: [opened, synchronize]
+    types: [opened, synchronize, reopened]
+    branches:
+      - main

 jobs:
  check-run:
@@ -26,7 +32,7 @@ jobs:
          ref: ${{  github.event.pull_request.head.sha }}

      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
        env:
          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
        with:
@@ -41,9 +47,11 @@ jobs:
            --output-path . ${{ env.INCREMENTAL }}

      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
        with:
          sarif_file: cx_result.sarif
+          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
+          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}

  quality:
    name: Quality scan
@@ -61,7 +69,7 @@ jobs:
          ref: ${{  github.event.pull_request.head.sha }}

      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
+        uses: sonarsource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97 # v5.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
--- a/.github/workflows/test-authenticator.yml
+++ b/.github/workflows/test-authenticator.yml
@@ -1,82 +0,0 @@
-name: Test Authenticator
-
-on:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  test:
-    name: Test
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      packages: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
-
-      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
-        with:
-          bundler-cache: true
-
-      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Build and test Authenticator
-        run: |
-          bundle exec fastlane checkAuthenticator
-
-      - name: Upload to codecov.io
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
-        with:
-          files: authenticator/build/reports/kover/reportDebug.xml
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,16 +23,17 @@ jobs:
    runs-on: ubuntu-24.04
    permissions:
      packages: read
+      pull-requests: write

    steps:
      - name: Check out repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.gradle/caches
@@ -42,7 +43,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -51,12 +52,12 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0
        with:
          bundler-cache: true

      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: "temurin"
          java-version: ${{ env._JAVA_VERSION }}
@@ -74,40 +75,30 @@ jobs:
          bundle exec fastlane check

      - name: Upload test reports
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: always()
        with:
          name: test-reports
          path: |
+            build/reports/kover/reportMergedCoverage.xml
            app/build/reports/tests/
-            app/build/reports/kover/reportStandardDebug.xml
-
-  report:
-    name: Process Test Reports
-    needs: test
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      issues: write
-      pull-requests: write
-    if: success()
-
-    steps:
-      - name: Download test artifacts
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        with:
-          name: test-reports
+            authenticator/build/reports/tests/
+            authenticatorbridge/build/reports/tests/
+            core/build/reports/tests/
+            data/build/reports/tests/
+            network/build/reports/tests/
+            ui/build/reports/tests/

      - name: Upload to codecov.io
        id: upload-to-codecov
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
        if: github.event_name == 'push' || github.event_name == 'pull_request'
        continue-on-error: true
        with:
          os: linux
-          files: kover/reportStandardDebug.xml
+          files: build/reports/kover/reportMergedCoverage.xml
          fail_ci_if_error: true
+          disable_search: true

      - name: Comment PR if tests failed
        if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')
--- a/.gitignore
+++ b/.gitignore
@@ -29,8 +29,9 @@ user.properties
 /app/src/standardRelease/google-services.json
 /authenticator/src/google-services.json

-# python
+# Python
+.python-version
 __pycache__/
-*.py[cod]
-*$py.class
-*.so
+
+# Generated by .github/scripts/validate-json/validate-json.py
+duplicates.txt
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -9,17 +9,19 @@ GEM
      public_suffix (>= 2.0.2, < 7.0)
    artifactory (3.0.17)
    atomos (0.1.3)
-    aws-eventstream (1.3.0)
-    aws-partitions (1.1040.0)
-    aws-sdk-core (3.216.0)
+    aws-eventstream (1.3.2)
+    aws-partitions (1.1102.0)
+    aws-sdk-core (3.223.0)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.992.0)
      aws-sigv4 (~> 1.9)
+      base64
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.97.0)
+      logger
+    aws-sdk-kms (1.100.0)
      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.178.0)
+    aws-sdk-s3 (1.185.0)
      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.5)
@@ -34,7 +36,7 @@ GEM
      highline (~> 2.0.0)
    date (3.4.1)
    declarative (0.0.20)
-    digest-crc (0.6.5)
+    digest-crc (0.7.0)
      rake (>= 12.0.0, < 14.0.0)
    domain_name (0.6.20240107)
    dotenv (2.8.1)
@@ -69,7 +71,7 @@ GEM
    faraday_middleware (1.2.1)
      faraday (~> 1.0)
    fastimage (2.4.0)
-    fastlane (2.226.0)
+    fastlane (2.227.2)
      CFPropertyList (>= 2.3, < 4.0.0)
      addressable (>= 2.8, < 3.0.0)
      artifactory (~> 3.0)
@@ -109,9 +111,9 @@ GEM
      tty-spinner (>= 0.8.0, < 1.0.0)
      word_wrap (~> 1.0.0)
      xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.4.0)
+      xcpretty (~> 0.4.1)
      xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
-    fastlane-plugin-firebase_app_distribution (0.10.0)
+    fastlane-plugin-firebase_app_distribution (0.10.1)
      google-apis-firebaseappdistribution_v1 (~> 0.3.0)
      google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
    fastlane-sirp (1.0.0)
@@ -137,12 +139,12 @@ GEM
      google-apis-core (>= 0.11.0, < 2.a)
    google-apis-storage_v1 (0.31.0)
      google-apis-core (>= 0.11.0, < 2.a)
-    google-cloud-core (1.7.1)
+    google-cloud-core (1.8.0)
      google-cloud-env (>= 1.0, < 3.a)
      google-cloud-errors (~> 1.0)
    google-cloud-env (1.6.0)
      faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.4.0)
+    google-cloud-errors (1.5.0)
    google-cloud-storage (1.47.0)
      addressable (~> 2.8)
      digest-crc (~> 0.4)
@@ -160,34 +162,37 @@ GEM
    highline (2.0.3)
    http-cookie (1.0.8)
      domain_name (~> 0.5)
-    httpclient (2.8.3)
+    httpclient (2.9.0)
+      mutex_m
    jmespath (1.6.2)
-    json (2.9.1)
+    json (2.11.3)
    jwt (2.10.1)
      base64
+    logger (1.7.0)
    mini_magick (4.13.2)
    mini_mime (1.1.5)
    multi_json (1.15.0)
    multipart-post (2.4.1)
+    mutex_m (0.3.0)
    nanaimo (0.4.0)
    naturally (2.2.1)
    nkf (0.2.0)
    optparse (0.6.0)
    os (1.1.4)
    plist (3.7.2)
-    public_suffix (6.0.1)
+    public_suffix (6.0.2)
    rake (13.2.1)
    representable (3.2.0)
      declarative (< 0.1.0)
      trailblazer-option (>= 0.1.1, < 0.2.0)
      uber (< 0.2.0)
    retriable (3.1.2)
-    rexml (3.4.0)
+    rexml (3.4.1)
    rouge (3.28.0)
    ruby2_keywords (0.0.5)
    rubyzip (2.4.1)
    security (0.1.5)
-    signet (0.19.0)
+    signet (0.20.0)
      addressable (~> 2.8)
      faraday (>= 0.17.5, < 3.a)
      jwt (>= 1.5, < 3.0)
@@ -216,7 +221,7 @@ GEM
      colored2 (~> 3.1)
      nanaimo (~> 0.4.0)
      rexml (>= 3.3.6, < 4.0)
-    xcpretty (0.4.0)
+    xcpretty (0.4.1)
      rouge (~> 3.28.0)
    xcpretty-travis-formatter (1.0.1)
      xcpretty (~> 0.2, >= 0.0.7)
@@ -233,4 +238,4 @@ RUBY VERSION
   ruby 3.3.1p55

 BUNDLED WITH
-   2.5.9
+   2.6.6
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@

 - [Compatibility](#compatibility)
 - [Setup](#setup)
+- [Theme](#theme)
 - [Dependencies](#dependencies)

 ## Compatibility
@@ -15,7 +16,6 @@

 ## Setup

-
 1. Clone the repository:

    ```sh
@@ -52,12 +52,36 @@

    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.

+## Theme
+
+### Icons & Illustrations
+
+The app supports light mode, dark mode and dynamic colors. Most icons in the app will display correctly using tinting but multi-tonal icons and illustrations require extra processing in order to be displayed properly with dynamic colors.
+
+All illustrations and multi-tonal icons require the svg paths to be tagged with the `name` attribute in order for each individual path to be tinted the appropriate color. Any untagged path will not be tinted and the resulting image will be incorrect.
+
+The supported tags are as follows:
+
+* outline
+* primary
+* secondary
+* tertiary
+* accent
+* logo
+* navigation
+* navigationActiveAccent
+
 ## Dependencies

 ### Application Dependencies

 The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.

+- **AndroidX Activity**
+    - https://developer.android.com/jetpack/androidx/releases/activity
+    - Purpose: Allows access composable APIs built on top of Activity.
+    - License: Apache 2.0
+
 - **AndroidX Appcompat**
    - https://developer.android.com/jetpack/androidx/releases/appcompat
    - Purpose: Allows access to new APIs on older API versions.
@@ -78,7 +102,7 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: Displays webpages with the user's default browser.
    - License: Apache 2.0

- **AndroidX CameraX Camera2**
+- **AndroidX Camera**
    - https://developer.android.com/jetpack/androidx/releases/camera
    - Purpose: Display and capture images for barcode scanning.
    - License: Apache 2.0
@@ -88,9 +112,9 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: A Kotlin-based declarative UI framework.
    - License: Apache 2.0

- **AndroidX Core SplashScreen**
+- **AndroidX Core**
    - https://developer.android.com/jetpack/androidx/releases/core
-    - Purpose: Backwards compatible SplashScreen API implementation.
+    - Purpose: Backwards compatible platform features and APIs.
    - License: Apache 2.0

 - **AndroidX Credentials**
@@ -103,6 +127,11 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: Lifecycle aware components and tooling.
    - License: Apache 2.0

+- **AndroidX Navigation**
+    - https://developer.android.com/jetpack/androidx/releases/navigation
+    - Purpose: Provides a consistent API for navigating between Android components.
+    - License: Apache 2.0
+
 - **AndroidX Room**
    - https://developer.android.com/jetpack/androidx/releases/room
    - Purpose: A convenient SQLite-based persistence layer for Android.
@@ -123,21 +152,6 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: Dependency injection framework.
    - License: Apache 2.0

- **Firebase Cloud Messaging**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: Allows for push notification support. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
-    - License: Apache 2.0
-
- **Firebase Crashlytics**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: SDK for crash and non-fatal error reporting. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
-    - License: Apache 2.0
-  
- **Google Play Reviews**
-  - https://developer.android.com/reference/com/google/android/play/core/release-notes
-  - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
-  - License: Apache 2.0
-
 - **Glide**
    - https://github.com/bumptech/glide
    - Purpose: Image loading and caching.
@@ -158,11 +172,6 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: JSON serialization library for Kotlin.
    - License: Apache 2.0

- **kotlinx.serialization converter**
-    - https://github.com/square/retrofit/tree/trunk/retrofit-converters/kotlinx-serialization
-    - Purpose: Converter for Retrofit 2 and kotlinx.serialization.
-    - License: Apache 2.0
-
 - **OkHttp 3**
    - https://github.com/square/okhttp
    - Purpose: An HTTP client used by the library to intercept and log traffic.
@@ -178,16 +187,28 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: Extensible logging library for Android.
    - License: Apache 2.0

- **zxcvbn4j**
-    - https://github.com/nulab/zxcvbn4j
-    - Purpose: Password strength estimation.
-    - License: MIT
-
 - **ZXing**
    - https://github.com/zxing/zxing
    - Purpose: Barcode scanning and generation.
    - License: Apache 2.0

+The following is an additional list of third-party dependencies that are only included in the non-F-Droid build variants of the application.
+
+- **Firebase Cloud Messaging**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: Allows for push notification support.
+    - License: Apache 2.0
+
+- **Firebase Crashlytics**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: SDK for crash and non-fatal error reporting.
+    - License: Apache 2.0
+
+- **Google Play Reviews**
+    - https://developer.android.com/reference/com/google/android/play/core/release-notes
+    - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
+    - License: Apache 2.0
+
 ### Development Environment Dependencies

 The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.
--- a/annotation/.gitignore
+++ b/annotation/.gitignore
@@ -0,0 +1 @@
+/build
--- a/annotation/build.gradle.kts
+++ b/annotation/build.gradle.kts
@@ -0,0 +1,42 @@
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
+
+plugins {
+    alias(libs.plugins.android.library)
+    alias(libs.plugins.kotlin.android)
+}
+
+android {
+    namespace = "com.bitwarden.annotation"
+    compileSdk = libs.versions.compileSdk.get().toInt()
+
+    defaultConfig {
+        minSdk = libs.versions.minSdkBwa.get().toInt()
+
+        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+        consumerProguardFiles("consumer-rules.pro")
+    }
+
+    buildTypes {
+        release {
+            isMinifyEnabled = false
+            proguardFiles(
+                getDefaultProguardFile("proguard-android-optimize.txt"),
+                "proguard-rules.pro",
+            )
+        }
+    }
+    compileOptions {
+        sourceCompatibility(libs.versions.jvmTarget.get())
+        targetCompatibility(libs.versions.jvmTarget.get())
+    }
+    @Suppress("UnstableApiUsage")
+    testFixtures {
+        enable = true
+    }
+}
+
+kotlin {
+    compilerOptions {
+        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
+    }
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/annotation/OmitFromCoverage.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/annotation/OmitFromCoverage.kt
@@ -1,4 +1,4 @@
-package com.x8bit.bitwarden.data.platform.annotation
+package com.bitwarden.annotation

 /**
 * Used to omit the annotated class from test coverage reporting. This should be used sparingly and
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -13,16 +13,13 @@ plugins {
    // Crashlytics is enabled for all builds initially but removed for FDroid builds in gradle and
    // standardDebug builds in the merged manifest.
    alias(libs.plugins.crashlytics)
-    alias(libs.plugins.detekt)
    alias(libs.plugins.hilt)
    alias(libs.plugins.kotlin.android)
    alias(libs.plugins.kotlin.compose.compiler)
    alias(libs.plugins.kotlin.parcelize)
    alias(libs.plugins.kotlin.serialization)
-    alias(libs.plugins.kotlinx.kover)
    alias(libs.plugins.ksp)
    alias(libs.plugins.google.services)
-    alias(libs.plugins.sonarqube)
 }

 /**
@@ -54,7 +51,7 @@ android {
        minSdk = libs.versions.minSdk.get().toInt()
        targetSdk = libs.versions.targetSdk.get().toInt()
        versionCode = 1
-        versionName = "2024.9.0"
+        versionName = "2025.4.0"

        setProperty("archivesBaseName", "com.x8bit.bitwarden")

@@ -68,7 +65,7 @@ android {
        buildConfigField(
            type = "String",
            name = "CI_INFO",
-            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}"
+            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}",
        )
    }

@@ -102,9 +99,10 @@ android {
            applicationIdSuffix = ".beta"
            isDebuggable = false
            isMinifyEnabled = true
+            matchingFallbacks += listOf("release")
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro"
+                "proguard-rules.pro",
            )

            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
@@ -115,7 +113,7 @@ android {
            isMinifyEnabled = true
            proguardFiles(
                getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro"
+                "proguard-rules.pro",
            )

            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
@@ -180,7 +178,6 @@ android {
            excludes += "/META-INF/{AL2.0,LGPL2.1}"
        }
    }
-    @Suppress("UnstableApiUsage")
    testOptions {
        // Required for Robolectric
        unitTests.isIncludeAndroidResources = true
@@ -216,6 +213,12 @@ dependencies {

    implementation(files("libs/authenticatorbridge-1.0.0-release.aar"))

+    implementation(project(":annotation"))
+    implementation(project(":core"))
+    implementation(project(":data"))
+    implementation(project(":network"))
+    implementation(project(":ui"))
+
    implementation(libs.androidx.activity.compose)
    implementation(libs.androidx.appcompat)
    implementation(libs.androidx.autofill)
@@ -227,6 +230,7 @@ dependencies {
    implementation(platform(libs.androidx.compose.bom))
    implementation(libs.androidx.compose.animation)
    implementation(libs.androidx.compose.material3)
+    implementation(libs.androidx.compose.material3.adaptive)
    implementation(libs.androidx.compose.runtime)
    implementation(libs.androidx.compose.ui)
    implementation(libs.androidx.compose.ui.graphics)
@@ -251,7 +255,6 @@ dependencies {
    implementation(libs.kotlinx.collections.immutable)
    implementation(libs.kotlinx.coroutines.android)
    implementation(libs.kotlinx.serialization)
-    implementation(libs.nulab.zxcvbn4j)
    implementation(libs.square.okhttp)
    implementation(libs.square.okhttp.logging)
    implementation(platform(libs.square.retrofit.bom))
@@ -270,8 +273,15 @@ dependencies {
    standardImplementation(libs.google.firebase.crashlytics)
    standardImplementation(libs.google.play.review)

+    // Pull in test fixtures from other modules
+    testImplementation(testFixtures(project(":data")))
+    testImplementation(testFixtures(project(":network")))
+    testImplementation(testFixtures(project(":ui")))
+
    testImplementation(libs.androidx.compose.ui.test)
    testImplementation(libs.google.hilt.android.testing)
+    testImplementation(platform(libs.junit.bom))
+    testRuntimeOnly(libs.junit.platform.launcher)
    testImplementation(libs.junit.junit5)
    testImplementation(libs.junit.vintage)
    testImplementation(libs.kotlinx.coroutines.test)
@@ -279,90 +289,9 @@ dependencies {
    testImplementation(libs.robolectric.robolectric)
    testImplementation(libs.square.okhttp.mockwebserver)
    testImplementation(libs.square.turbine)
-
-    detektPlugins(libs.detekt.detekt.formatting)
-    detektPlugins(libs.detekt.detekt.rules)
-}
-
-detekt {
-    autoCorrect = true
-    config.from(files("$rootDir/detekt-config.yml"))
-}
-
-kover {
-    currentProject {
-        sources {
-            excludeJava = true
-        }
-    }
-    reports {
-        filters {
-            excludes {
-                androidGeneratedClasses()
-                annotatedBy(
-                    // Compose previews
-                    "androidx.compose.ui.tooling.preview.Preview",
-                    "androidx.compose.ui.tooling.preview.PreviewScreenSizes",
-                    // Manually excluded classes/files/etc.
-                    "com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage",
-                )
-                classes(
-                    // Navigation helpers
-                    "*.*NavigationKt*",
-                    // Composable singletons
-                    "*.*ComposableSingletons*",
-                    // Generated classes related to interfaces with default values
-                    "*.*DefaultImpls*",
-                    // Databases
-                    "*.database.*Database*",
-                    "*.dao.*Dao*",
-                    // Dagger Hilt
-                    "dagger.hilt.*",
-                    "hilt_aggregated_deps.*",
-                    "*_Factory",
-                    "*_Factory\$*",
-                    "*_*Factory",
-                    "*_*Factory\$*",
-                    "*.Hilt_*",
-                    "*_HiltModules",
-                    "*_HiltModules*",
-                    "*_HiltModules\$*",
-                    "*_Impl",
-                    "*_Impl\$*",
-                    "*_MembersInjector",
-                )
-                packages(
-                    // Dependency injection
-                    "*.di",
-                    // Models
-                    "*.model",
-                    // Custom UI components
-                    "com.x8bit.bitwarden.ui.platform.components",
-                    // Theme-related code
-                    "com.x8bit.bitwarden.ui.platform.theme",
-                )
-            }
-        }
-    }
 }

 tasks {
-    getByName("check") {
-        // Add detekt with type resolution to check
-        dependsOn("detekt")
-    }
-
-    getByName("sonar") {
-        dependsOn("check")
-    }
-
-    withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-    withType<io.gitlab.arturbosch.detekt.DetektCreateBaselineTask>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-
    withType<Test> {
        useJUnitPlatform()
        maxHeapSize = "2g"
@@ -382,18 +311,6 @@ afterEvaluate {
        .forEach { it.enabled = false }
 }

-sonar {
-    properties {
-        property("sonar.projectKey", "bitwarden_android")
-        property("sonar.organization", "bitwarden")
-        property("sonar.host.url", "https://sonarcloud.io")
-        property("sonar.sources", "app/src/")
-        property("sonar.tests", "app/src/")
-        property("sonar.test.inclusions", "app/src/test/")
-        property("sonar.exclusions", "app/src/test/")
-    }
-}
-
 private fun renameFile(path: String, newName: String) {
    val originalFile = File(path)
    if (!originalFile.exists()) {
--- a/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
+++ b/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.platform.manager

+import com.bitwarden.data.repository.model.Environment
 import com.x8bit.bitwarden.BuildConfig
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.platform.repository.model.Environment
 import timber.log.Timber

 /**
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -15,7 +15,7 @@
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-    <uses-permission android:name="android.permission.READ_USER_DICTIONARY"/>
+    <uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
    <!-- Protect access to AuthenticatorBridgeService using this custom permission.

    Note that each build type uses a different value for knownCerts.
@@ -76,16 +76,15 @@
                <category android:name="android.intent.category.BROWSABLE" />

                <data android:scheme="https" />
-
-                <data android:host="vault.bitwarden.com" />
-                <data android:host="vault.bitwarden.eu" />
+                <data android:host="*.bitwarden.com" />
+                <data android:host="*.bitwarden.eu" />
                <data android:host="*.bitwarden.pw" />
                <data android:pathPattern="/redirect-connector.*" />
            </intent-filter>
            <intent-filter>
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_CREATE_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_GET_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.fido2.ACTION_UNLOCK_ACCOUNT" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />

                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
@@ -310,6 +309,14 @@
            android:exported="true"
            android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />

+        <!-- Firebase SDK initOrder is 100. We use a higher order to initialize first -->
+        <provider
+            android:name=".data.platform.contentprovider.UncaughtErrorLoggingContentProvider"
+            android:authorities="${applicationId}"
+            android:exported="false"
+            android:grantUriPermissions="false"
+            android:initOrder="101" />
+
    </application>

    <queries>
--- a/app/src/main/assets/fido2_privileged_community.json
+++ b/app/src/main/assets/fido2_privileged_community.json
@@ -12,20 +12,6 @@
        ]
      }
    },
-
-    {
-      "type": "android",
-      "info": {
-        "package_name": "net.quetta.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
-          }
-        ]
-      }
-    },
-
    {
      "type": "android",
      "info": {
@@ -62,18 +48,6 @@
        ]
      }
    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.fenix",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
-          }
-        ]
-      }
-    },
    {
      "type": "android",
      "info": {
--- a/app/src/main/assets/fido2_privileged_google.json
+++ b/app/src/main/assets/fido2_privileged_google.json
@@ -160,6 +160,78 @@
        ]
      }
    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix.debug",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.nightly",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.klar",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.reference.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "B0:09:90:E3:0F:9D:81:5D:2E:BC:7B:9B:B2:21:CE:47:E5:C9:D5:17:AA:C7:0E:7F:D5:95:B1:E5:3E:9A:4B:14"
+          }
+        ]
+      }
+    },
    {
      "type": "android",
      "info": {
@@ -571,6 +643,142 @@
          }
        ]
      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.Island",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D9:C3:39:AC:9C:3A:EE:E1:75:1D:85:8C:35:D9:BA:C5:CC:87:B3:CE:76:30:93:F0:F5:10:64:F5:A2:F6:9B:04"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandCanary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:17:13:23:45:6E:6F:39:CB:FD:CF:B2:56:BE:1D:CF:F3:BC:1C:59:8A:15:93:30:E4:97:73:D0:4C:B9:C9:05"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandBeta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "35:31:83:1A:9E:2B:21:1D:E6:AA:C3:69:4B:45:83:6E:56:09:B9:D7:D0:04:C3:1B:21:87:40:FB:77:17:38:D1"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandDev",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C2:38:24:15:41:20:A0:8F:C3:95:42:AC:D8:2A:E9:24:94:78:80:1E:47:FD:6C:66:2B:18:1C:28:CA:7E:59:4E"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.canary.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "1E:16:74:BB:79:EA:09:FB:37:CF:9F:1B:07:1B:1D:51:8D:46:03:0E:D3:EE:F2:C1:4E:AD:93:9E:C6:EE:3A:4C"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.beta.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D2:5E:AD:F6:1C:E6:36:6C:A4:23:A4:7F:C4:DB:9B:8C:9C:8A:35:B4:B0:19:E8:D9:82:FB:D0:8A:D9:DB:49:5A"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.dev.intune",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "net.quetta.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "F1:38:00:4F:38:04:51:D4:8A:05:2B:B3:A3:EF:17:24:23:D4:B0:D0:C8:A3:AA:DD:FB:DB:66:30:31:48:EC:A4"
+          }
+        ]
+      }
    }
  ]
-}
+}
--- a/app/src/main/java/com/x8bit/bitwarden/AccessibilityActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AccessibilityActivity.kt
@@ -2,7 +2,7 @@ package com.x8bit.bitwarden

 import android.os.Bundle
 import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.annotation.OmitFromCoverage

 /**
 * An activity to be launched and then immediately closed so that the OS Shade can be collapsed
--- a/app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt
@@ -4,7 +4,7 @@ import android.content.Intent
 import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint

 /**
--- a/app/src/main/java/com/x8bit/bitwarden/AuthCallbackViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AuthCallbackViewModel.kt
@@ -1,13 +1,13 @@
 package com.x8bit.bitwarden

 import android.content.Intent
+import com.bitwarden.ui.platform.base.BaseViewModel
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.util.getCaptchaCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.getDuoCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.getSsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.getWebAuthResultOrNull
 import com.x8bit.bitwarden.data.auth.util.getYubiKeyResultOrNull
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
 import dagger.hilt.android.lifecycle.HiltViewModel
 import javax.inject.Inject

--- a/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt
@@ -4,8 +4,8 @@ import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.lifecycle.lifecycleScope
+import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach
--- a/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyViewModel.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden

 import android.content.Intent
 import androidx.lifecycle.viewModelScope
+import com.bitwarden.ui.platform.base.BaseViewModel
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.autofill.util.getTotpCopyIntentOrNull
@@ -9,7 +10,6 @@ import com.x8bit.bitwarden.data.platform.util.launchWithTimeout
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
 import com.x8bit.bitwarden.data.vault.repository.util.statusFor
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
 import dagger.hilt.android.lifecycle.HiltViewModel
 import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.mapNotNull
--- a/app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt
@@ -5,10 +5,10 @@ import android.content.Intent
 import android.os.Build
 import androidx.annotation.Keep
 import androidx.core.app.AppComponentFactory
+import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.BitwardenAutofillService
 import com.x8bit.bitwarden.data.autofill.accessibility.BitwardenAccessibilityService
-import com.x8bit.bitwarden.data.autofill.fido2.BitwardenFido2ProviderService
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.x8bit.bitwarden.data.credentials.BitwardenCredentialProviderService
 import com.x8bit.bitwarden.data.tiles.BitwardenAutofillTileService
 import com.x8bit.bitwarden.data.tiles.BitwardenGeneratorTileService
 import com.x8bit.bitwarden.data.tiles.BitwardenVaultTileService
@@ -30,7 +30,7 @@ class BitwardenAppComponentFactory : AppComponentFactory() {
     * * [BitwardenAccessibilityService]
     * * [BitwardenAutofillService]
     * * [BitwardenAutofillTileService]
-     * * [BitwardenFido2ProviderService]
+     * * [BitwardenCredentialProviderService]
     * * [BitwardenVaultTileService]
     * * [BitwardenGeneratorTileService]
     */
@@ -63,7 +63,7 @@ class BitwardenAppComponentFactory : AppComponentFactory() {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
                super.instantiateServiceCompat(
                    cl,
-                    BitwardenFido2ProviderService::class.java.name,
+                    BitwardenCredentialProviderService::class.java.name,
                    intent,
                )
            } else {
--- a/app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt
@@ -1,13 +1,15 @@
 package com.x8bit.bitwarden

 import android.app.Application
+import com.bitwarden.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager
+import com.x8bit.bitwarden.data.platform.manager.network.NetworkConnectionManager
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
 import dagger.hilt.android.HiltAndroidApp
+import timber.log.Timber
 import javax.inject.Inject

 /**
@@ -21,6 +23,9 @@ class BitwardenApplication : Application() {
    @Inject
    lateinit var logsManager: LogsManager

+    @Inject
+    lateinit var networkConnectionManager: NetworkConnectionManager
+
    @Inject
    lateinit var networkConfigManager: NetworkConfigManager

@@ -32,4 +37,9 @@ class BitwardenApplication : Application() {

    @Inject
    lateinit var restrictionManager: RestrictionManager
+
+    override fun onLowMemory() {
+        super.onLowMemory()
+        Timber.w("onLowMemory")
+    }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/BitwardenLegacyAppComponents.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/BitwardenLegacyAppComponents.kt
@@ -6,6 +6,11 @@ package com.x8bit.bitwarden
 const val LEGACY_ACCESSIBILITY_SERVICE_NAME: String =
    "com.x8bit.bitwarden.Accessibility.AccessibilityService"

+/**
+ * The short form legacy name for the accessibility service.
+ */
+const val LEGACY_SHORT_ACCESSIBILITY_SERVICE_NAME: String = ".Accessibility.AccessibilityService"
+
 /**
 * The legacy name for the autofill service.
 */
--- a/app/src/main/java/com/x8bit/bitwarden/MainActivity.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/MainActivity.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden

 import android.content.Intent
+import android.os.Build
 import android.os.Bundle
 import android.view.KeyEvent
 import android.view.MotionEvent
@@ -15,25 +16,31 @@ import androidx.compose.runtime.remember
 import androidx.core.os.LocaleListCompat
 import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
 import androidx.lifecycle.compose.collectAsStateWithLifecycle
-import androidx.navigation.compose.rememberNavController
+import androidx.navigation.compose.NavHost
+import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.ui.platform.base.util.EventsEffect
+import com.bitwarden.ui.platform.theme.BitwardenTheme
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.util.ObserveScreenDataEffect
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.ui.platform.base.util.EventsEffect
+import com.x8bit.bitwarden.ui.platform.components.util.rememberBitwardenNavController
 import com.x8bit.bitwarden.ui.platform.composition.LocalManagerProvider
+import com.x8bit.bitwarden.ui.platform.feature.debugmenu.debugMenuDestination
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.manager.DebugMenuLaunchManager
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.navigateToDebugMenuScreen
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.RootNavScreen
-import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
+import com.x8bit.bitwarden.ui.platform.feature.rootnav.ROOT_ROUTE
+import com.x8bit.bitwarden.ui.platform.feature.rootnav.rootNavDestination
+import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
+import com.x8bit.bitwarden.ui.platform.util.appLanguage
 import dagger.hilt.android.AndroidEntryPoint
 import javax.inject.Inject

 /**
 * Primary entry point for the application.
 */
+@Suppress("TooManyFunctions")
@OmitFromCoverage
@AndroidEntryPoint
 class MainActivity : AppCompatActivity() {
@@ -69,17 +76,13 @@ class MainActivity : AppCompatActivity() {
            )
        }

-        // Within the app the language and theme will change dynamically and will be managed by the
+        // Within the app the theme will change dynamically and will be managed by the
        // OS, but we need to ensure we properly set the values when upgrading from older versions
        // that handle this differently or when the activity restarts.
-        settingsRepository.appLanguage.localeName?.let { localeName ->
-            val localeList = LocaleListCompat.forLanguageTags(localeName)
-            AppCompatDelegate.setApplicationLocales(localeList)
-        }
        AppCompatDelegate.setDefaultNightMode(settingsRepository.appTheme.osValue)
        setContent {
            val state by mainViewModel.stateFlow.collectAsStateWithLifecycle()
-            val navController = rememberNavController()
+            val navController = rememberBitwardenNavController(name = "MainActivity")
            EventsEffect(viewModel = mainViewModel) { event ->
                when (event) {
                    is MainEvent.CompleteAccessibilityAutofill -> {
@@ -111,7 +114,7 @@ class MainActivity : AppCompatActivity() {
                }
            }
            updateScreenCapture(isScreenCaptureAllowed = state.isScreenCaptureAllowed)
-            LocalManagerProvider {
+            LocalManagerProvider(featureFlagsState = state.featureFlagsState) {
                ObserveScreenDataEffect(
                    onDataUpdate = remember(mainViewModel) {
                        {
@@ -121,11 +124,23 @@ class MainActivity : AppCompatActivity() {
                        }
                    },
                )
-                BitwardenTheme(theme = state.theme) {
-                    RootNavScreen(
-                        onSplashScreenRemoved = { shouldShowSplashScreen = false },
+                BitwardenTheme(
+                    theme = state.theme,
+                    dynamicColor = state.isDynamicColorsEnabled,
+                ) {
+                    NavHost(
                        navController = navController,
-                    )
+                        startDestination = ROOT_ROUTE,
+                    ) {
+                        // Nothing else should end up at this top level, we just want the ability
+                        // to have the debug menu appear on top of the rest of the app without
+                        // interacting with the state-based navigation used by the RootNavScreen.
+                        rootNavDestination { shouldShowSplashScreen = false }
+                        debugMenuDestination(
+                            onNavigateBack = { navController.popBackStack() },
+                            onSplashScreenRemoved = { shouldShowSplashScreen = false },
+                        )
+                    }
                }
            }
        }
@@ -140,6 +155,33 @@ class MainActivity : AppCompatActivity() {
        )
    }

+    override fun onResume() {
+        super.onResume()
+        // When the app resumes check for any app specific language which may have been
+        // set via the device settings. Similar to the theme setting in onCreate this
+        // ensures we properly set the values when upgrading from older versions
+        // that handle this differently or when the activity restarts.
+        val appSpecificLanguage = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+            val locales: LocaleListCompat = AppCompatDelegate.getApplicationLocales()
+            if (locales.isEmpty) {
+                // App is using the system language
+                null
+            } else {
+                // App has specific language settings
+                locales.get(0)?.appLanguage
+            }
+        } else {
+            // For older versions, use what ever language is available from the repository.
+            settingsRepository.appLanguage
+        }
+
+        mainViewModel.trySendAction(
+            action = MainAction.AppSpecificLanguageUpdate(
+                appLanguage = appSpecificLanguage ?: AppLanguage.DEFAULT,
+            ),
+        )
+    }
+
    override fun onStop() {
        super.onStop()
        // In some scenarios on an emulator the Activity can leak when recreated
--- a/app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt
@@ -4,6 +4,10 @@ import android.content.Intent
 import android.os.Parcelable
 import androidx.lifecycle.SavedStateHandle
 import androidx.lifecycle.viewModelScope
+import com.bitwarden.ui.platform.base.BaseViewModel
+import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
+import com.bitwarden.ui.util.Text
+import com.bitwarden.ui.util.asText
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
@@ -11,29 +15,29 @@ import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
 import com.x8bit.bitwarden.data.auth.util.getCompleteRegistrationDataIntentOrNull
 import com.x8bit.bitwarden.data.auth.util.getPasswordlessRequestDataIntentOrNull
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilitySelectionManager
-import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2AssertionRequestOrNull
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2CreateCredentialRequestOrNull
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2GetCredentialsRequestOrNull
 import com.x8bit.bitwarden.data.autofill.manager.AutofillSelectionManager
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSaveItemOrNull
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
+import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
+import com.x8bit.bitwarden.data.credentials.util.getCreateCredentialRequestOrNull
+import com.x8bit.bitwarden.data.credentials.util.getFido2AssertionRequestOrNull
+import com.x8bit.bitwarden.data.credentials.util.getGetCredentialsRequestOrNull
 import com.x8bit.bitwarden.data.platform.manager.AppResumeManager
+import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
 import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
 import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
 import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
+import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.platform.util.isAddTotpLoginItemFromAuthenticator
 import com.x8bit.bitwarden.data.vault.manager.model.VaultStateEvent
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
-import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
-import com.x8bit.bitwarden.ui.platform.base.util.Text
-import com.x8bit.bitwarden.ui.platform.base.util.asText
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
+import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
+import com.x8bit.bitwarden.ui.platform.model.FeatureFlagsState
 import com.x8bit.bitwarden.ui.platform.util.isAccountSecurityShortcut
 import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
 import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
@@ -54,6 +58,7 @@ import java.time.Clock
 import javax.inject.Inject

 private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
+private const val ANIMATION_REFRESH_DELAY = 500L

 /**
 * A view model that helps launch actions for the [MainActivity].
@@ -63,12 +68,13 @@ private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
 class MainViewModel @Inject constructor(
    accessibilitySelectionManager: AccessibilitySelectionManager,
    autofillSelectionManager: AutofillSelectionManager,
+    featureFlagManager: FeatureFlagManager,
    private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
    private val specialCircumstanceManager: SpecialCircumstanceManager,
    private val garbageCollectionManager: GarbageCollectionManager,
-    private val fido2CredentialManager: Fido2CredentialManager,
+    private val bitwardenCredentialManager: BitwardenCredentialManager,
    private val intentManager: IntentManager,
-    settingsRepository: SettingsRepository,
+    private val settingsRepository: SettingsRepository,
    private val vaultRepository: VaultRepository,
    private val authRepository: AuthRepository,
    private val environmentRepository: EnvironmentRepository,
@@ -79,6 +85,10 @@ class MainViewModel @Inject constructor(
    initialState = MainState(
        theme = settingsRepository.appTheme,
        isScreenCaptureAllowed = settingsRepository.isScreenCaptureAllowed,
+        isErrorReportingDialogEnabled = featureFlagManager.getFeatureFlag(
+            key = FlagKey.MobileErrorReporting,
+        ),
+        isDynamicColorsEnabled = settingsRepository.isDynamicColorsEnabled,
    ),
 ) {
    private var specialCircumstance: SpecialCircumstance?
@@ -96,6 +106,12 @@ class MainViewModel @Inject constructor(
            .onEach { specialCircumstance = it }
            .launchIn(viewModelScope)

+        featureFlagManager
+            .getFeatureFlagFlow(key = FlagKey.MobileErrorReporting)
+            .map { MainAction.Internal.OnMobileErrorReportingReceive(it) }
+            .onEach(::sendAction)
+            .launchIn(viewModelScope)
+
        accessibilitySelectionManager
            .accessibilitySelectionFlow
            .map { MainAction.Internal.AccessibilitySelectionReceive(it) }
@@ -123,6 +139,12 @@ class MainViewModel @Inject constructor(
            .onEach(::trySendAction)
            .launchIn(viewModelScope)

+        settingsRepository
+            .isDynamicColorsEnabledFlow
+            .map { MainAction.Internal.DynamicColorsUpdate(it) }
+            .onEach(::trySendAction)
+            .launchIn(viewModelScope)
+
        authRepository
            .userStateFlow
            .drop(count = 1)
@@ -134,8 +156,7 @@ class MainViewModel @Inject constructor(
                // Switching between account states often involves some kind of animation (ex:
                // account switcher) that we might want to give time to finish before triggering
                // a refresh.
-                @Suppress("MagicNumber")
-                delay(500)
+                delay(ANIMATION_REFRESH_DELAY)
                trySendAction(MainAction.Internal.CurrentUserStateChange)
            }
            .launchIn(viewModelScope)
@@ -147,8 +168,7 @@ class MainViewModel @Inject constructor(
                    is VaultStateEvent.Locked -> {
                        // Similar to account switching, triggering this action too soon can
                        // interfere with animations or navigation logic, so we will delay slightly.
-                        @Suppress("MagicNumber")
-                        delay(500)
+                        delay(ANIMATION_REFRESH_DELAY)
                        trySendAction(MainAction.Internal.VaultUnlockStateChange)
                    }

@@ -172,6 +192,17 @@ class MainViewModel @Inject constructor(
    }

    override fun handleAction(action: MainAction) {
+        when (action) {
+            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
+            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
+            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
+            is MainAction.ResumeScreenDataReceived -> handleAppResumeDataUpdated(action)
+            is MainAction.AppSpecificLanguageUpdate -> handleAppSpecificLanguageUpdate(action)
+            is MainAction.Internal -> handleInternalAction(action)
+        }
+    }
+
+    private fun handleInternalAction(action: MainAction.Internal) {
        when (action) {
            is MainAction.Internal.AccessibilitySelectionReceive -> {
                handleAccessibilitySelectionReceive(action)
@@ -185,13 +216,25 @@ class MainViewModel @Inject constructor(
            is MainAction.Internal.ScreenCaptureUpdate -> handleScreenCaptureUpdate(action)
            is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
            is MainAction.Internal.VaultUnlockStateChange -> handleVaultUnlockStateChange()
-            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
-            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
-            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
-            is MainAction.ResumeScreenDataReceived -> handleAppResumeDataUpdated(action)
+            is MainAction.Internal.DynamicColorsUpdate -> handleDynamicColorsUpdate(action)
+            is MainAction.Internal.OnMobileErrorReportingReceive -> {
+                handleOnMobileErrorReportingReceive(action)
+            }
        }
    }

+    private fun handleOnMobileErrorReportingReceive(
+        action: MainAction.Internal.OnMobileErrorReportingReceive,
+    ) {
+        mutableStateFlow.update {
+            it.copy(isErrorReportingDialogEnabled = action.isErrorReportingEnabled)
+        }
+    }
+
+    private fun handleAppSpecificLanguageUpdate(action: MainAction.AppSpecificLanguageUpdate) {
+        settingsRepository.appLanguage = action.appLanguage
+    }
+
    private fun handleAppResumeDataUpdated(action: MainAction.ResumeScreenDataReceived) {
        when (val data = action.screenResumeData) {
            null -> appResumeManager.clearResumeScreen()
@@ -234,6 +277,10 @@ class MainViewModel @Inject constructor(
        recreateUiAndGarbageCollect()
    }

+    private fun handleDynamicColorsUpdate(action: MainAction.Internal.DynamicColorsUpdate) {
+        mutableStateFlow.update { it.copy(isDynamicColorsEnabled = action.isDynamicColorsEnabled) }
+    }
+
    private fun handleFirstIntentReceived(action: MainAction.ReceiveFirstIntent) {
        handleIntent(
            intent = action.intent,
@@ -274,10 +321,10 @@ class MainViewModel @Inject constructor(
        val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
        val hasVaultShortcut = intent.isMyVaultShortcut
        val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
-        val fido2CreateCredentialRequestData = intent.getFido2CreateCredentialRequestOrNull()
        val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
-        val fido2CredentialAssertionRequest = intent.getFido2AssertionRequestOrNull()
-        val fido2GetCredentialsRequest = intent.getFido2GetCredentialsRequestOrNull()
+        val createCredentialRequest = intent.getCreateCredentialRequestOrNull()
+        val getCredentialsRequest = intent.getGetCredentialsRequestOrNull()
+        val fido2AssertCredentialRequest = intent.getFido2AssertionRequestOrNull()
        when {
            passwordlessRequestData != null -> {
                authRepository.activeUserId?.let {
@@ -335,41 +382,43 @@ class MainViewModel @Inject constructor(
                    )
            }

-            fido2CreateCredentialRequestData != null -> {
+            createCredentialRequest != null -> {
                // Set the user's verification status when a new FIDO 2 request is received to force
                // explicit verification if the user's vault is unlocked when the request is
                // received.
-                fido2CreateCredentialRequestData.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
+                bitwardenCredentialManager.isUserVerified =
+                    createCredentialRequest.isUserPreVerified
+
                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2Save(
-                        fido2CreateCredentialRequest = fido2CreateCredentialRequestData,
+                    SpecialCircumstance.ProviderCreateCredential(
+                        createCredentialRequest = createCredentialRequest,
                    )

                // Switch accounts if the selected user is not the active user.
                if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != fido2CreateCredentialRequestData.userId
+                    authRepository.activeUserId != createCredentialRequest.userId
                ) {
-                    authRepository.switchAccount(fido2CreateCredentialRequestData.userId)
+                    authRepository.switchAccount(createCredentialRequest.userId)
                }
            }

-            fido2CredentialAssertionRequest != null -> {
-                // If device biometric verification was performed as part of single-tap
-                // authentication, set the user's verification state to the device result.
-                // Otherwise, retain the verification state as-is.
-                fido2CredentialAssertionRequest.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
+            fido2AssertCredentialRequest != null -> {
+                // Set the user's verification status when a new FIDO 2 request is received to force
+                // explicit verification if the user's vault is unlocked when the request is
+                // received.
+                bitwardenCredentialManager.isUserVerified =
+                    fido2AssertCredentialRequest.isUserPreVerified
+
                specialCircumstanceManager.specialCircumstance =
                    SpecialCircumstance.Fido2Assertion(
-                        fido2AssertionRequest = fido2CredentialAssertionRequest,
+                        fido2AssertionRequest = fido2AssertCredentialRequest,
                    )
            }

-            fido2GetCredentialsRequest != null -> {
+            getCredentialsRequest != null -> {
                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2GetCredentials(
-                        fido2GetCredentialsRequest = fido2GetCredentialsRequest,
+                    SpecialCircumstance.ProviderGetCredentials(
+                        getCredentialsRequest = getCredentialsRequest,
                    )
            }

@@ -445,7 +494,17 @@ class MainViewModel @Inject constructor(
 data class MainState(
    val theme: AppTheme,
    val isScreenCaptureAllowed: Boolean,
-) : Parcelable
+    val isDynamicColorsEnabled: Boolean,
+    private val isErrorReportingDialogEnabled: Boolean,
+) : Parcelable {
+    /**
+     * Contains all feature flags that are available to the UI.
+     */
+    val featureFlagsState: FeatureFlagsState
+        get() = FeatureFlagsState(
+            isErrorReportingDialogEnabled = isErrorReportingDialogEnabled,
+        )
+}

 /**
 * Models actions for the [MainActivity].
@@ -471,6 +530,12 @@ sealed class MainAction {
     */
    data class ResumeScreenDataReceived(val screenResumeData: AppResumeScreenData?) : MainAction()

+    /**
+     * Receive if there is an app specific locale selection made by user
+     * in the device's settings.
+     */
+    data class AppSpecificLanguageUpdate(val appLanguage: AppLanguage) : MainAction()
+
    /**
     * Actions for internal use by the ViewModel.
     */
@@ -483,6 +548,13 @@ sealed class MainAction {
            val cipherView: CipherView,
        ) : Internal()

+        /**
+         * Indicates the Mobile Error Reporting feature flag has been updated.
+         */
+        data class OnMobileErrorReportingReceive(
+            val isErrorReportingEnabled: Boolean,
+        ) : Internal()
+
        /**
         * Indicates the user has manually selected the given [cipherView] for autofill.
         */
@@ -513,6 +585,13 @@ sealed class MainAction {
         * Indicates a relevant change in the current vault lock state.
         */
        data object VaultUnlockStateChange : Internal()
+
+        /**
+         * Indicates that the dynamic colors state has changed.
+         */
+        data class DynamicColorsUpdate(
+            val isDynamicColorsEnabled: Boolean,
+        ) : Internal()
    }
 }

--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt
@@ -1,11 +1,11 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk

+import com.bitwarden.network.model.SyncResponseJson
+import com.bitwarden.network.provider.AppIdProvider
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import java.time.Instant

@@ -13,7 +13,7 @@ import java.time.Instant
 * Primary access point for disk information.
 */
@Suppress("TooManyFunctions")
-interface AuthDiskSource {
+interface AuthDiskSource : AppIdProvider {

    /**
     * The currently persisted authenticator sync symmetric key. This key is used for
@@ -21,13 +21,6 @@ interface AuthDiskSource {
     */
    var authenticatorSyncSymmetricKey: ByteArray?

-    /**
-     * Retrieves a unique ID for the application that is stored locally. This will generate a new
-     * one if it does not yet exist and it will only be reset for new installs or when clearing
-     * application data.
-     */
-    val uniqueAppId: String
-
    /**
     * The currently persisted saved email address (or `null` if not set).
     */
@@ -344,16 +337,6 @@ interface AuthDiskSource {
     */
    fun getShowImportLoginsFlow(userId: String): Flow<Boolean?>

-    /**
-     * Gets the new device notice state for the given [userId].
-     */
-    fun getNewDeviceNoticeState(userId: String): NewDeviceNoticeState
-
-    /**
-     * Stores the new device notice state for the given [userId].
-     */
-    fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?)
-
    /**
     * Gets the last lock timestamp for the given [userId].
     */
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt
@@ -1,17 +1,15 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk

 import android.content.SharedPreferences
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.core.data.util.decodeFromStringOrNull
+import com.bitwarden.data.datasource.disk.BaseEncryptedDiskSource
+import com.bitwarden.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeDisplayStatus
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.platform.datasource.disk.BaseEncryptedDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
-import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.onSubscription
@@ -49,7 +47,6 @@ private const val TDE_LOGIN_COMPLETE = "tdeLoginComplete"
 private const val USES_KEY_CONNECTOR = "usesKeyConnector"
 private const val ONBOARDING_STATUS_KEY = "onboardingStatus"
 private const val SHOW_IMPORT_LOGINS_KEY = "showImportLogins"
-private const val NEW_DEVICE_NOTICE_STATE = "newDeviceNoticeState"
 private const val LAST_LOCK_TIMESTAMP = "lastLockTimestamp"

 /**
@@ -489,22 +486,6 @@ class AuthDiskSourceImpl(
        getMutableShowImportLoginsFlow(userId)
            .onSubscription { emit(getShowImportLogins(userId)) }

-    override fun getNewDeviceNoticeState(userId: String): NewDeviceNoticeState {
-        return getString(key = NEW_DEVICE_NOTICE_STATE.appendIdentifier(userId))?.let {
-            json.decodeFromStringOrNull(it)
-        } ?: NewDeviceNoticeState(
-            displayStatus = NewDeviceNoticeDisplayStatus.HAS_NOT_SEEN,
-            lastSeenDate = null,
-        )
-    }
-
-    override fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?) {
-        putString(
-            key = NEW_DEVICE_NOTICE_STATE.appendIdentifier(userId),
-            value = newState?.let { json.encodeToString(it) },
-        )
-    }
-
    override fun getLastLockTimestamp(userId: String): Instant? {
        return getLong(key = LAST_LOCK_TIMESTAMP.appendIdentifier(userId))?.let {
            Instant.ofEpochMilli(it)
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/di/AuthDiskModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/di/AuthDiskModule.kt
@@ -1,10 +1,10 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk.di

 import android.content.SharedPreferences
+import com.bitwarden.data.datasource.disk.di.EncryptedPreferences
+import com.bitwarden.data.datasource.disk.di.UnencryptedPreferences
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSourceImpl
-import com.x8bit.bitwarden.data.platform.datasource.di.EncryptedPreferences
-import com.x8bit.bitwarden.data.platform.datasource.di.UnencryptedPreferences
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
 import dagger.Module
 import dagger.Provides
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/AccountJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/AccountJson.kt
@@ -1,7 +1,8 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk.model

-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson
+import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.UserDecryptionOptionsJson
 import kotlinx.serialization.Contextual
 import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/NewDeviceNoticeDisplayStatus.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/NewDeviceNoticeDisplayStatus.kt
@@ -1,60 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk.model
-
-import kotlinx.serialization.Contextual
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import java.time.ZonedDateTime
-
-/**
- * Describes the current display status of the new device notice screen.
- */
-@Serializable
-enum class NewDeviceNoticeDisplayStatus {
-    /**
-     * The user has seen the screen and indicated they can access their email.
-     */
-    @SerialName("canAccessEmail")
-    CAN_ACCESS_EMAIL,
-
-    /**
-     * The user has indicated they can access their email
-     * as specified by the Permanent mode of the notice.
-     */
-    @SerialName("canAccessEmailPermanent")
-    CAN_ACCESS_EMAIL_PERMANENT,
-
-    /**
-     * The user has not seen the screen.
-     */
-    @SerialName("hasNotSeen")
-    HAS_NOT_SEEN,
-
-    /**
-     * The user has seen the screen and selected "remind me later".
-     */
-    @SerialName("hasSeen")
-    HAS_SEEN,
-}
-
-/**
- * The state of the new device notice screen.
- */
-@Suppress("MagicNumber")
-@Serializable
-data class NewDeviceNoticeState(
-    @SerialName("displayStatus")
-    val displayStatus: NewDeviceNoticeDisplayStatus,
-
-    @SerialName("lastSeenDate")
-    @Contextual
-    val lastSeenDate: ZonedDateTime?,
-) {
-    /**
-     * Whether the [lastSeenDate] is at least 7 days old.
-     */
-    val shouldDisplayNoticeIfSeen = lastSeenDate
-        ?.isBefore(
-            ZonedDateTime.now().minusDays(7),
-        )
-        ?: false
-}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt
@@ -1,26 +1,17 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.di

-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationServiceImpl
-import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
+import com.bitwarden.network.BitwardenServiceClient
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.AuthRequestsService
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.HaveIBeenPwnedService
+import com.bitwarden.network.service.IdentityService
+import com.bitwarden.network.service.NewAuthRequestService
+import com.bitwarden.network.service.OrganizationService
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
 import dagger.hilt.components.SingletonComponent
-import kotlinx.serialization.json.Json
-import retrofit2.create
 import javax.inject.Singleton

 /**
@@ -33,70 +24,42 @@ object AuthNetworkModule {
    @Provides
    @Singleton
    fun providesAccountService(
-        retrofits: Retrofits,
-        json: Json,
-    ): AccountsService = AccountsServiceImpl(
-        unauthenticatedAccountsApi = retrofits.unauthenticatedApiRetrofit.create(),
-        authenticatedAccountsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedKeyConnectorApi = retrofits.createStaticRetrofit().create(),
-        authenticatedKeyConnectorApi = retrofits
-            .createStaticRetrofit(isAuthenticated = true)
-            .create(),
-        json = json,
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): AccountsService = bitwardenServiceClient.accountsService

    @Provides
    @Singleton
    fun providesAuthRequestsService(
-        retrofits: Retrofits,
-    ): AuthRequestsService = AuthRequestsServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): AuthRequestsService = bitwardenServiceClient.authRequestsService

    @Provides
    @Singleton
    fun providesDevicesService(
-        retrofits: Retrofits,
-    ): DevicesService = DevicesServiceImpl(
-        authenticatedDevicesApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedDevicesApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): DevicesService = bitwardenServiceClient.devicesService

    @Provides
    @Singleton
    fun providesIdentityService(
-        retrofits: Retrofits,
-        json: Json,
-    ): IdentityService = IdentityServiceImpl(
-        unauthenticatedIdentityApi = retrofits.unauthenticatedIdentityRetrofit.create(),
-        json = json,
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): IdentityService = bitwardenServiceClient.identityService

    @Provides
    @Singleton
    fun providesHaveIBeenPwnedService(
-        retrofits: Retrofits,
-    ): HaveIBeenPwnedService = HaveIBeenPwnedServiceImpl(
-        api = retrofits
-            .createStaticRetrofit(baseUrl = "https://api.pwnedpasswords.com")
-            .create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): HaveIBeenPwnedService = bitwardenServiceClient.haveIBeenPwnedService

    @Provides
    @Singleton
    fun providesNewAuthRequestService(
-        retrofits: Retrofits,
-    ): NewAuthRequestService = NewAuthRequestServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedAuthRequestsApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): NewAuthRequestService = bitwardenServiceClient.newAuthRequestService

    @Provides
    @Singleton
    fun providesOrganizationService(
-        retrofits: Retrofits,
-    ): OrganizationService = OrganizationServiceImpl(
-        authenticatedOrganizationApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedOrganizationApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): OrganizationService = bitwardenServiceClient.organizationService
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/sdk/util/KdfExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/sdk/util/KdfExtensions.kt
@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.auth.datasource.sdk.util

 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson.ARGON2_ID
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson.PBKDF2_SHA256
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.KdfTypeJson.ARGON2_ID
+import com.bitwarden.network.model.KdfTypeJson.PBKDF2_SHA256

 /**
 * Convert a [Kdf] to a [KdfTypeJson].
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt
@@ -1,11 +1,14 @@
 package com.x8bit.bitwarden.data.auth.manager

 import com.bitwarden.core.AuthRequestResponse
+import com.bitwarden.core.data.util.asFailure
+import com.bitwarden.core.data.util.asSuccess
+import com.bitwarden.core.data.util.flatMap
+import com.bitwarden.network.model.AuthRequestTypeJson
+import com.bitwarden.network.service.AuthRequestsService
+import com.bitwarden.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.model.AuthRequest
 import com.x8bit.bitwarden.data.auth.manager.model.AuthRequestResult
@@ -16,9 +19,7 @@ import com.x8bit.bitwarden.data.auth.manager.model.AuthRequestsUpdatesResult
 import com.x8bit.bitwarden.data.auth.manager.model.CreateAuthRequestResult
 import com.x8bit.bitwarden.data.auth.manager.util.isSso
 import com.x8bit.bitwarden.data.auth.manager.util.toAuthRequestTypeJson
-import com.x8bit.bitwarden.data.platform.util.asFailure
-import com.x8bit.bitwarden.data.platform.util.asSuccess
-import com.x8bit.bitwarden.data.platform.util.flatMap
+import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import kotlinx.coroutines.currentCoroutineContext
 import kotlinx.coroutines.delay
@@ -51,7 +52,9 @@ class AuthRequestManagerImpl(
    override fun getAuthRequestsWithUpdates(): Flow<AuthRequestsUpdatesResult> = flow {
        while (currentCoroutineContext().isActive) {
            when (val result = getAuthRequests()) {
-                AuthRequestsResult.Error -> emit(AuthRequestsUpdatesResult.Error)
+                is AuthRequestsResult.Error -> {
+                    emit(AuthRequestsUpdatesResult.Error(error = result.error))
+                }

                is AuthRequestsResult.Success -> {
                    emit(AuthRequestsUpdatesResult.Update(authRequests = result.authRequests))
@@ -70,9 +73,8 @@ class AuthRequestManagerImpl(
            email = email,
            authRequestType = authRequestType.toAuthRequestTypeJson(),
        )
-            .getOrNull()
-            ?: run {
-                emit(CreateAuthRequestResult.Error)
+            .getOrElse {
+                emit(CreateAuthRequestResult.Error(error = it))
                return@flow
            }
        var authRequest = initialResult.authRequest
@@ -103,7 +105,7 @@ class AuthRequestManagerImpl(
                    )
                }
                .fold(
-                    onFailure = { emit(CreateAuthRequestResult.Error) },
+                    onFailure = { emit(CreateAuthRequestResult.Error(error = it)) },
                    onSuccess = { updateAuthRequest ->
                        when {
                            updateAuthRequest.requestApproved -> {
@@ -182,7 +184,7 @@ class AuthRequestManagerImpl(
                    )
                }
                .fold(
-                    onFailure = { emit(AuthRequestUpdatesResult.Error) },
+                    onFailure = { emit(AuthRequestUpdatesResult.Error(error = it)) },
                    onSuccess = { updateAuthRequest ->
                        when {
                            updateAuthRequest.requestApproved -> {
@@ -218,13 +220,18 @@ class AuthRequestManagerImpl(
        fingerprint: String,
    ): Flow<AuthRequestUpdatesResult> = getAuthRequest {
        when (val authRequestsResult = getAuthRequests()) {
-            AuthRequestsResult.Error -> AuthRequestUpdatesResult.Error
+            is AuthRequestsResult.Error -> {
+                AuthRequestUpdatesResult.Error(error = authRequestsResult.error)
+            }
+
            is AuthRequestsResult.Success -> {
                authRequestsResult
                    .authRequests
                    .firstOrNull { it.fingerprint == fingerprint }
                    ?.let { AuthRequestUpdatesResult.Update(it) }
-                    ?: AuthRequestUpdatesResult.Error
+                    ?: AuthRequestUpdatesResult.Error(
+                        error = IllegalStateException("Could not find the auth request."),
+                    )
            }
        }
    }
@@ -234,30 +241,28 @@ class AuthRequestManagerImpl(
    ): Flow<AuthRequestUpdatesResult> = getAuthRequest {
        authRequestsService
            .getAuthRequest(requestId)
-            .map { response ->
-                getFingerprintPhrase(response.publicKey).getOrNull()?.let { fingerprint ->
-                    AuthRequest(
-                        id = response.id,
-                        publicKey = response.publicKey,
-                        platform = response.platform,
-                        ipAddress = response.ipAddress,
-                        key = response.key,
-                        masterPasswordHash = response.masterPasswordHash,
-                        creationDate = response.creationDate,
-                        responseDate = response.responseDate,
-                        requestApproved = response.requestApproved ?: false,
-                        originUrl = response.originUrl,
-                        fingerprint = fingerprint,
-                    )
-                }
+            .mapCatching { response ->
+                getFingerprintPhrase(response.publicKey)
+                    .getOrThrow()
+                    .let { fingerprint ->
+                        AuthRequest(
+                            id = response.id,
+                            publicKey = response.publicKey,
+                            platform = response.platform,
+                            ipAddress = response.ipAddress,
+                            key = response.key,
+                            masterPasswordHash = response.masterPasswordHash,
+                            creationDate = response.creationDate,
+                            responseDate = response.responseDate,
+                            requestApproved = response.requestApproved ?: false,
+                            originUrl = response.originUrl,
+                            fingerprint = fingerprint,
+                        )
+                    }
            }
            .fold(
-                onFailure = { AuthRequestUpdatesResult.Error },
-                onSuccess = { authRequest ->
-                    authRequest
-                        ?.let { AuthRequestUpdatesResult.Update(it) }
-                        ?: AuthRequestUpdatesResult.Error
-                },
+                onFailure = { AuthRequestUpdatesResult.Error(error = it) },
+                onSuccess = { AuthRequestUpdatesResult.Update(authRequest = it) },
            )
    }

@@ -309,7 +314,7 @@ class AuthRequestManagerImpl(
                }
            }
            .fold(
-                onFailure = { AuthRequestsResult.Error },
+                onFailure = { AuthRequestsResult.Error(error = it) },
                onSuccess = { AuthRequestsResult.Success(authRequests = it) },
            )

@@ -319,7 +324,7 @@ class AuthRequestManagerImpl(
        publicKey: String,
        isApproved: Boolean,
    ): AuthRequestResult {
-        val userId = activeUserId ?: return AuthRequestResult.Error
+        val userId = activeUserId ?: return AuthRequestResult.Error(error = NoActiveUserException())
        return vaultSdkSource
            .getAuthRequestKey(
                publicKey = publicKey,
@@ -350,7 +355,7 @@ class AuthRequestManagerImpl(
                )
            }
            .fold(
-                onFailure = { AuthRequestResult.Error },
+                onFailure = { AuthRequestResult.Error(error = it) },
                onSuccess = { AuthRequestResult.Success(authRequest = it) },
            )
    }
@@ -462,7 +467,7 @@ class AuthRequestManagerImpl(
        publicKey: String,
    ): Result<String> {
        val profile = authDiskSource.userState?.activeAccount?.profile
-            ?: return IllegalStateException("No active account").asFailure()
+            ?: return NoActiveUserException().asFailure()
        return authSdkSource.getUserFingerprint(
            email = profile.email,
            publicKey = publicKey,
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestNotificationManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestNotificationManagerImpl.kt
@@ -7,13 +7,13 @@ import androidx.compose.ui.graphics.Color
 import androidx.core.app.NotificationChannelCompat
 import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
+import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.util.createPasswordlessRequestDataIntent
 import com.x8bit.bitwarden.data.autofill.util.toPendingIntentMutabilityFlag
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.manager.model.PasswordlessRequestData
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.flow.launchIn
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthTokenManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthTokenManager.kt
@@ -0,0 +1,8 @@
+package com.x8bit.bitwarden.data.auth.manager
+
+import com.bitwarden.network.interceptor.AuthTokenProvider
+
+/**
+ * A manager class for handling authentication tokens.
+ */
+interface AuthTokenManager : AuthTokenProvider
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthTokenManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthTokenManagerImpl.kt
@@ -0,0 +1,17 @@
+package com.x8bit.bitwarden.data.auth.manager
+
+import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
+
+/**
+ * Default implementation of [AuthTokenManager].
+ */
+class AuthTokenManagerImpl(
+    private val authDiskSource: AuthDiskSource,
+) : AuthTokenManager {
+
+    override fun getActiveAccessTokenOrNull(): String? = authDiskSource
+        .userState
+        ?.activeUserId
+        ?.let { authDiskSource.getAccountTokens(it) }
+        ?.accessToken
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManager.kt
@@ -2,8 +2,9 @@ package com.x8bit.bitwarden.data.auth.manager

 import com.bitwarden.core.KeyConnectorResponse
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.KeyConnectorMasterKeyResponseJson
+import com.x8bit.bitwarden.data.auth.manager.model.MigrateExistingUserToKeyConnectorResult

 /**
 * Manager used to interface with a key connector.
@@ -28,7 +29,7 @@ interface KeyConnectorManager {
        email: String,
        masterPassword: String,
        kdf: Kdf,
-    ): Result<Unit>
+    ): Result<MigrateExistingUserToKeyConnectorResult>

    /**
     * Migrates a new user to use the key connector.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManagerImpl.kt
@@ -1,14 +1,16 @@
 package com.x8bit.bitwarden.data.auth.manager

 import com.bitwarden.core.KeyConnectorResponse
+import com.bitwarden.core.data.util.flatMap
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.KeyConnectorKeyRequestJson
+import com.bitwarden.network.model.KeyConnectorMasterKeyResponseJson
+import com.bitwarden.network.service.AccountsService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
-import com.x8bit.bitwarden.data.platform.util.flatMap
+import com.x8bit.bitwarden.data.auth.manager.model.MigrateExistingUserToKeyConnectorResult
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
+import com.x8bit.bitwarden.data.vault.datasource.sdk.model.DeriveKeyConnectorResult

 /**
 * The default implementation of the [KeyConnectorManager].
@@ -34,7 +36,7 @@ class KeyConnectorManagerImpl(
        email: String,
        masterPassword: String,
        kdf: Kdf,
-    ): Result<Unit> =
+    ): Result<MigrateExistingUserToKeyConnectorResult> =
        vaultSdkSource
            .deriveKeyConnector(
                userId = userId,
@@ -43,10 +45,36 @@ class KeyConnectorManagerImpl(
                password = masterPassword,
                kdf = kdf,
            )
-            .flatMap { masterKey ->
-                accountsService.storeMasterKeyToKeyConnector(url = url, masterKey = masterKey)
+            .map { result: DeriveKeyConnectorResult ->
+                when (result) {
+                    is DeriveKeyConnectorResult.Error -> {
+                        MigrateExistingUserToKeyConnectorResult.Error(result.error)
+                    }
+
+                    is DeriveKeyConnectorResult.Success -> {
+                        accountsService
+                            .storeMasterKeyToKeyConnector(
+                                url = url,
+                                masterKey = result.derivedKey,
+                            )
+                            .flatMap {
+                                accountsService.convertToKeyConnector()
+                            }
+                            .fold(
+                                onSuccess = {
+                                    MigrateExistingUserToKeyConnectorResult.Success
+                                },
+                                onFailure = {
+                                    MigrateExistingUserToKeyConnectorResult.Error(it)
+                                },
+                            )
+                    }
+
+                    is DeriveKeyConnectorResult.WrongPasswordError -> {
+                        MigrateExistingUserToKeyConnectorResult.WrongPasswordError
+                    }
+                }
            }
-            .flatMap { accountsService.convertToKeyConnector() }

    override suspend fun migrateNewUserToKeyConnector(
        url: String,
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/TrustedDeviceManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/TrustedDeviceManagerImpl.kt
@@ -1,11 +1,11 @@
 package com.x8bit.bitwarden.data.auth.manager

+import com.bitwarden.core.data.util.asSuccess
+import com.bitwarden.core.data.util.flatMap
 import com.bitwarden.crypto.TrustDeviceResponse
+import com.bitwarden.network.service.DevicesService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
 import com.x8bit.bitwarden.data.auth.manager.util.toUserStateJson
-import com.x8bit.bitwarden.data.platform.util.asSuccess
-import com.x8bit.bitwarden.data.platform.util.flatMap
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource

 /**
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManager.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.auth.manager

 import com.x8bit.bitwarden.data.auth.manager.model.LogoutEvent
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import kotlinx.coroutines.flow.SharedFlow

 /**
@@ -14,15 +15,14 @@ interface UserLogoutManager {
    val logoutEventFlow: SharedFlow<LogoutEvent>

    /**
-     * Completely logs out the given [userId], removing all data. If [isExpired] is true, a toast
-     * will be displayed letting the user know the session has expired.
+     * Completely logs out the given [userId], removing all data. The [reason] indicates why the
+     * user is being logged out.
     */
-    fun logout(userId: String, isExpired: Boolean = false)
+    fun logout(userId: String, reason: LogoutReason)

    /**
     * Partially logs out the given [userId]. All data for the given [userId] will be removed with
-     * the exception of basic account data. If [isExpired] is true, a toast will be displayed
-     * letting the user know the session has expired.
+     * the exception of basic account data. The [reason] indicates why the user is being logged out.
     */
-    fun softLogout(userId: String, isExpired: Boolean = false)
+    fun softLogout(userId: String, reason: LogoutReason)
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt
@@ -3,13 +3,14 @@ package com.x8bit.bitwarden.data.auth.manager
 import android.content.Context
 import android.widget.Toast
 import androidx.annotation.StringRes
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.manager.model.LogoutEvent
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.platform.datasource.disk.PushDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.GeneratorDiskSource
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.PasswordHistoryDiskSource
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
@@ -19,6 +20,7 @@ import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.SharedFlow
 import kotlinx.coroutines.flow.asSharedFlow
 import kotlinx.coroutines.launch
+import timber.log.Timber

 /**
 * Primary implementation of [UserLogoutManager].
@@ -42,9 +44,10 @@ class UserLogoutManagerImpl(
        bufferedMutableSharedFlow()
    override val logoutEventFlow: SharedFlow<LogoutEvent> = mutableLogoutEventFlow.asSharedFlow()

-    override fun logout(userId: String, isExpired: Boolean) {
+    override fun logout(userId: String, reason: LogoutReason) {
        authDiskSource.userState ?: return
-
+        Timber.d("logout reason=$reason")
+        val isExpired = reason == LogoutReason.SecurityStamp
        if (isExpired) {
            showToast(message = R.string.login_expired)
        }
@@ -64,7 +67,9 @@ class UserLogoutManagerImpl(
        mutableLogoutEventFlow.tryEmit(LogoutEvent(loggedOutUserId = userId))
    }

-    override fun softLogout(userId: String, isExpired: Boolean) {
+    override fun softLogout(userId: String, reason: LogoutReason) {
+        Timber.d("softLogout reason=$reason")
+        val isExpired = reason == LogoutReason.SecurityStamp
        if (isExpired) {
            showToast(message = R.string.login_expired)
        }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt
@@ -1,11 +1,12 @@
 package com.x8bit.bitwarden.data.auth.manager.di

 import android.content.Context
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.AuthRequestsService
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManagerImpl
@@ -13,6 +14,8 @@ import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManagerImpl
+import com.x8bit.bitwarden.data.auth.manager.AuthTokenManager
+import com.x8bit.bitwarden.data.auth.manager.AuthTokenManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.KeyConnectorManager
 import com.x8bit.bitwarden.data.auth.manager.KeyConnectorManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.TrustedDeviceManager
@@ -22,7 +25,6 @@ import com.x8bit.bitwarden.data.auth.manager.UserLogoutManagerImpl
 import com.x8bit.bitwarden.data.platform.datasource.disk.PushDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.GeneratorDiskSource
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.PasswordHistoryDiskSource
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
@@ -131,4 +133,10 @@ object AuthManagerModule {
    @Singleton
    fun providesAddTotpItemFromAuthenticatorManager(): AddTotpItemFromAuthenticatorManager =
        AddTotpItemFromAuthenticatorManagerImpl()
+
+    @Provides
+    @Singleton
+    fun providesAuthTokenManager(
+        authDiskSource: AuthDiskSource,
+    ): AuthTokenManager = AuthTokenManagerImpl(authDiskSource = authDiskSource)
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestResult.kt
@@ -14,5 +14,7 @@ sealed class AuthRequestResult {
    /**
     * There was an error getting the user's auth requests.
     */
-    data object Error : AuthRequestResult()
+    data class Error(
+        val error: Throwable,
+    ) : AuthRequestResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestUpdatesResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestUpdatesResult.kt
@@ -19,7 +19,9 @@ sealed class AuthRequestUpdatesResult {
    /**
     * There was an error getting the user's auth requests.
     */
-    data object Error : AuthRequestUpdatesResult()
+    data class Error(
+        val error: Throwable,
+    ) : AuthRequestUpdatesResult()

    /**
     * The auth request has been declined.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestsResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestsResult.kt
@@ -14,5 +14,7 @@ sealed class AuthRequestsResult {
    /**
     * There was an error getting the user's auth requests.
     */
-    data object Error : AuthRequestsResult()
+    data class Error(
+        val error: Throwable,
+    ) : AuthRequestsResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestsUpdatesResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestsUpdatesResult.kt
@@ -14,5 +14,7 @@ sealed class AuthRequestsUpdatesResult {
    /**
     * There was an error getting the user's auth requests.
     */
-    data object Error : AuthRequestsUpdatesResult()
+    data class Error(
+        val error: Throwable,
+    ) : AuthRequestsUpdatesResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/CreateAuthRequestResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/CreateAuthRequestResult.kt
@@ -23,7 +23,9 @@ sealed class CreateAuthRequestResult {
    /**
     * There was a generic error getting the user's auth requests.
     */
-    data object Error : CreateAuthRequestResult()
+    data class Error(
+        val error: Throwable,
+    ) : CreateAuthRequestResult()

    /**
     * The auth request has been declined.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/MigrateExistingUserToKeyConnectorResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/MigrateExistingUserToKeyConnectorResult.kt
@@ -0,0 +1,23 @@
+package com.x8bit.bitwarden.data.auth.manager.model
+
+/**
+ * Models result of migrating existing user to key connector.
+ * */
+sealed class MigrateExistingUserToKeyConnectorResult {
+    /**
+     * Operation succeeded.
+     */
+    data object Success : MigrateExistingUserToKeyConnectorResult()
+
+    /**
+     * There was an error.
+     */
+    data class Error(
+        val error: Throwable,
+    ) : MigrateExistingUserToKeyConnectorResult()
+
+    /**
+     * Incorrect password provided.
+     */
+    data object WrongPasswordError : MigrateExistingUserToKeyConnectorResult()
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/AuthRequestTypeExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/AuthRequestTypeExtensions.kt
@@ -1,6 +1,6 @@
 package com.x8bit.bitwarden.data.auth.manager.util

-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestTypeJson
+import com.bitwarden.network.model.AuthRequestTypeJson
 import com.x8bit.bitwarden.data.auth.manager.model.AuthRequestType

 /**
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/TrustDeviceResponseExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/TrustDeviceResponseExtensions.kt
@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.auth.manager.util

 import com.bitwarden.crypto.TrustDeviceResponse
+import com.bitwarden.network.model.TrustedDeviceUserDecryptionOptionsJson
+import com.bitwarden.network.model.UserDecryptionOptionsJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceUserDecryptionOptionsJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson

 /**
 * Converts the given [TrustDeviceResponse] to an updated [UserStateJson], given the following
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
@@ -1,17 +1,19 @@
 package com.x8bit.bitwarden.data.auth.repository

+import com.bitwarden.network.model.GetTokenResponseJson
+import com.bitwarden.network.model.SyncResponseJson
+import com.bitwarden.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.repository.model.AuthState
 import com.x8bit.bitwarden.data.auth.repository.model.BreachCountResult
 import com.x8bit.bitwarden.data.auth.repository.model.DeleteAccountResult
 import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
 import com.x8bit.bitwarden.data.auth.repository.model.KnownDeviceResult
+import com.x8bit.bitwarden.data.auth.repository.model.LeaveOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.LoginResult
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.auth.repository.model.NewSsoUserResult
 import com.x8bit.bitwarden.data.auth.repository.model.OrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordHintResult
@@ -37,7 +39,6 @@ import com.x8bit.bitwarden.data.auth.repository.util.SsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.WebAuthResult
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.platform.datasource.network.authenticator.AuthenticatorProvider
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.StateFlow

@@ -243,10 +244,20 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
        orgIdentifier: String?,
    ): LoginResult

+    /**
+     * Continue the previously halted login attempt.
+     */
+    suspend fun continueKeyConnectorLogin(): LoginResult
+
+    /**
+     * Cancel the previously halted login attempt.
+     */
+    fun cancelKeyConnectorLogin()
+
    /**
     * Log out the current user.
     */
-    fun logout()
+    fun logout(reason: LogoutReason)

    /**
     * Requests that a one-time passcode be sent to the user's email.
@@ -424,17 +435,9 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
    fun setOnboardingStatus(status: OnboardingStatus)

    /**
-     * Checks if a new device notice should be displayed.
+     * Leaves the organization that matches the given [organizationId]
     */
-    fun checkUserNeedsNewDeviceTwoFactorNotice(): Boolean
-
-    /**
-     * Gets the new device notice state of active user.
-     */
-    fun getNewDeviceNoticeState(): NewDeviceNoticeState?
-
-    /**
-     * Stores the new device notice state for active user.
-     */
-    fun setNewDeviceNoticeState(newState: NewDeviceNoticeState?)
+    suspend fun leaveOrganization(
+        organizationId: String,
+    ): LeaveOrganizationResult
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
@@ -1,11 +1,13 @@
 package com.x8bit.bitwarden.data.auth.repository.di

+import com.bitwarden.data.datasource.disk.ConfigDiskSource
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.HaveIBeenPwnedService
+import com.bitwarden.network.service.IdentityService
+import com.bitwarden.network.service.OrganizationService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.manager.KeyConnectorManager
@@ -13,13 +15,11 @@ import com.x8bit.bitwarden.data.auth.manager.TrustedDeviceManager
 import com.x8bit.bitwarden.data.auth.manager.UserLogoutManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.AuthRepositoryImpl
-import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/BreachCountResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/BreachCountResult.kt
@@ -12,5 +12,8 @@ sealed class BreachCountResult {
    /**
     * There was an error determining if the password has been breached.
     */
-    data object Error : BreachCountResult()
+    data class Error(
+        val error: Throwable,
+        val message: String? = null,
+    ) : BreachCountResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/DeleteAccountResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/DeleteAccountResult.kt
@@ -12,5 +12,8 @@ sealed class DeleteAccountResult {
    /**
     * There was an error deleting the account.
     */
-    data class Error(val message: String?) : DeleteAccountResult()
+    data class Error(
+        val message: String?,
+        val error: Throwable?,
+    ) : DeleteAccountResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/EmailTokenResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/EmailTokenResult.kt
@@ -18,5 +18,8 @@ sealed class EmailTokenResult {
    /**
     * There was an error validating the token.
     */
-    data class Error(val message: String?) : EmailTokenResult()
+    data class Error(
+        val message: String?,
+        val error: Throwable?,
+    ) : EmailTokenResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/KnownDeviceResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/KnownDeviceResult.kt
@@ -12,5 +12,7 @@ sealed class KnownDeviceResult {
    /**
     * There was an error determining if this is a known device.
     */
-    data object Error : KnownDeviceResult()
+    data class Error(
+        val error: Throwable,
+    ) : KnownDeviceResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LeaveOrganizationResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LeaveOrganizationResult.kt
@@ -0,0 +1,18 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+/**
+ * Models result of deleting an account.
+ */
+sealed class LeaveOrganizationResult {
+    /**
+     * Leave organization succeeded.
+     */
+    data object Success : LeaveOrganizationResult()
+
+    /**
+     * There was an error leaving the organization.
+     */
+    data class Error(
+        val error: Throwable?,
+    ) : LeaveOrganizationResult()
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt
@@ -14,15 +14,30 @@ sealed class LoginResult {
     */
    data class CaptchaRequired(val captchaId: String) : LoginResult()

+    /**
+     * Encryption key migration is required.
+     */
+    data object EncryptionKeyMigrationRequired : LoginResult()
+
    /**
     * Two-factor verification is required.
     */
    data object TwoFactorRequired : LoginResult()

+    /**
+     * User should confirm KeyConnector domain
+     */
+    data class ConfirmKeyConnectorDomain(
+        val domain: String,
+    ) : LoginResult()
+
    /**
     * There was an error logging in.
     */
-    data class Error(val errorMessage: String?) : LoginResult()
+    data class Error(
+        val errorMessage: String?,
+        val error: Throwable?,
+    ) : LoginResult()

    /**
     * There was an error while logging into an unofficial Bitwarden server.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResultExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResultExtensions.kt
@@ -8,9 +8,12 @@ import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockResult
 * the necessary `message` if applicable.
 */
 fun VaultUnlockError.toLoginErrorResult(): LoginResult.Error = when (this) {
-    is VaultUnlockResult.AuthenticationError -> LoginResult.Error(this.message)
-    VaultUnlockResult.BiometricDecodingError,
-    VaultUnlockResult.GenericError,
-    VaultUnlockResult.InvalidStateError,
-        -> LoginResult.Error(errorMessage = null)
+    is VaultUnlockResult.AuthenticationError -> {
+        LoginResult.Error(errorMessage = this.message, error = this.error)
+    }
+
+    is VaultUnlockResult.BiometricDecodingError,
+    is VaultUnlockResult.GenericError,
+    is VaultUnlockResult.InvalidStateError,
+        -> LoginResult.Error(errorMessage = null, error = this.error)
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LogoutReason.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LogoutReason.kt
@@ -0,0 +1,76 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+/**
+ * Indicates the reason that the user is being logged out.
+ */
+sealed class LogoutReason {
+    /**
+     * An optional additional tag for an event.
+     */
+    open val source: String? = null
+
+    /**
+     * Indicates that the logout is happening because the account was deleted.
+     */
+    data object AccountDelete : LogoutReason()
+
+    /**
+     * Indicates that the logout is related to biometrics.
+     */
+    sealed class Biometrics : LogoutReason() {
+        /**
+         * Indicates that the logout is caused by a biometrics lockout.
+         */
+        data object Lockout : Biometrics()
+
+        /**
+         * Indicates that the logout is happening because biometrics is no longer supported.
+         */
+        data object NoLongerSupported : Biometrics()
+    }
+
+    /**
+     * Indicates that the logout is happening because of an invalid state.
+     */
+    data class InvalidState(
+        override val source: String,
+    ) : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the user opted to logout via a button.
+     */
+    data class Click(
+        override val source: String,
+    ) : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the a logout notification was received.
+     */
+    data object Notification : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the sync security stamp was invalidated.
+     */
+    data object SecurityStamp : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because of a timeout action.
+     */
+    data object Timeout : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the access token could not be refreshed.
+     */
+    data object TokenRefreshFail : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the user tried to unlock the vault
+     * unsuccessfully too many times.
+     */
+    data object TooManyUnlockAttempts : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the left the organization.
+     */
+    data object LeftOrganization : LogoutReason()
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/NewSsoUserResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/NewSsoUserResult.kt
@@ -12,5 +12,7 @@ sealed class NewSsoUserResult {
    /**
     * There was an error while truing to create the new user.
     */
-    data object Failure : NewSsoUserResult()
+    data class Failure(
+        val error: Throwable,
+    ) : NewSsoUserResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/Organization.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/Organization.kt
@@ -1,6 +1,6 @@
 package com.x8bit.bitwarden.data.auth.repository.model

-import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
+import com.bitwarden.network.model.OrganizationType

 /**
 * Represents an organization a user may be a member of.
@@ -11,6 +11,7 @@ import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
 * own password.
 * @property shouldUseKeyConnector Indicates that the organization uses a key connector.
 * @property role The user's role in the organization.
+ * @property keyConnectorUrl The key connector domain (if applicable).
 */
 data class Organization(
    val id: String,
@@ -18,4 +19,6 @@ data class Organization(
    val shouldManageResetPassword: Boolean,
    val shouldUseKeyConnector: Boolean,
    val role: OrganizationType,
+    val keyConnectorUrl: String?,
+    val userIsClaimedByOrganization: Boolean,
 )
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/OrganizationDomainSsoDetailsResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/OrganizationDomainSsoDetailsResult.kt
@@ -22,5 +22,7 @@ sealed class OrganizationDomainSsoDetailsResult {
    /**
     * The request failed.
     */
-    data object Failure : OrganizationDomainSsoDetailsResult()
+    data class Failure(
+        val error: Throwable,
+    ) : OrganizationDomainSsoDetailsResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PasswordHintResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PasswordHintResult.kt
@@ -13,5 +13,8 @@ sealed class PasswordHintResult {
    /**
     * There was an error.
     */
-    data class Error(val message: String?) : PasswordHintResult()
+    data class Error(
+        val message: String?,
+        val error: Throwable?,
+    ) : PasswordHintResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PasswordStrengthResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PasswordStrengthResult.kt
@@ -16,5 +16,7 @@ sealed class PasswordStrengthResult {
    /**
     * There was an error determining the password strength.
     */
-    data object Error : PasswordStrengthResult()
+    data class Error(
+        val error: Throwable,
+    ) : PasswordStrengthResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PrevalidateSsoResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PrevalidateSsoResult.kt
@@ -16,5 +16,6 @@ sealed class PrevalidateSsoResult {
     */
    data class Failure(
        val message: String? = null,
+        val error: Throwable?,
    ) : PrevalidateSsoResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RegisterResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RegisterResult.kt
@@ -9,7 +9,7 @@ sealed class RegisterResult {
     *
     * @param captchaToken the captcha bypass token to bypass future captcha verifications.
     */
-    data class Success(val captchaToken: String) : RegisterResult()
+    data class Success(val captchaToken: String?) : RegisterResult()

    /**
     * Captcha verification is required.
@@ -23,7 +23,10 @@ sealed class RegisterResult {
     *
     * @param errorMessage a message describing the error.
     */
-    data class Error(val errorMessage: String?) : RegisterResult()
+    data class Error(
+        val errorMessage: String?,
+        val error: Throwable?,
+    ) : RegisterResult()

    /**
     * Password hash was found in a data breach.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RemovePasswordResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RemovePasswordResult.kt
@@ -12,5 +12,12 @@ sealed class RemovePasswordResult {
    /**
     * There was an error removing the password.
     */
-    data object Error : RemovePasswordResult()
+    data class Error(
+        val error: Throwable,
+    ) : RemovePasswordResult()
+
+    /**
+     * There was wrong password error removing the password.
+     */
+    data object WrongPasswordError : RemovePasswordResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RequestOtpResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RequestOtpResult.kt
@@ -13,5 +13,8 @@ sealed class RequestOtpResult {
    /**
     * Represents a failure to send the one-time passcode.
     */
-    data class Error(val message: String?) : RequestOtpResult()
+    data class Error(
+        val message: String?,
+        val error: Throwable,
+    ) : RequestOtpResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ResendEmailResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ResendEmailResult.kt
@@ -13,5 +13,8 @@ sealed class ResendEmailResult {
    /**
     * There was an error.
     */
-    data class Error(val message: String?) : ResendEmailResult()
+    data class Error(
+        val message: String?,
+        val error: Throwable,
+    ) : ResendEmailResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ResetPasswordResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ResetPasswordResult.kt
@@ -12,5 +12,7 @@ sealed class ResetPasswordResult {
    /**
     * There was an error resetting the password.
     */
-    data object Error : ResetPasswordResult()
+    data class Error(
+        val error: Throwable,
+    ) : ResetPasswordResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SendVerificationEmailResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SendVerificationEmailResult.kt
@@ -18,5 +18,8 @@ sealed class SendVerificationEmailResult {
     *
     * @param errorMessage a message describing the error.
     */
-    data class Error(val errorMessage: String?) : SendVerificationEmailResult()
+    data class Error(
+        val errorMessage: String?,
+        val error: Throwable?,
+    ) : SendVerificationEmailResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SetPasswordResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SetPasswordResult.kt
@@ -12,5 +12,7 @@ sealed class SetPasswordResult {
    /**
     * There was an error setting the password.
     */
-    data object Error : SetPasswordResult()
+    data class Error(
+        val error: Throwable,
+    ) : SetPasswordResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserFingerprintResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserFingerprintResult.kt
@@ -14,5 +14,7 @@ sealed class UserFingerprintResult {
    /**
     * There was an error getting the user fingerprint.
     */
-    data object Error : UserFingerprintResult()
+    data class Error(
+        val error: Throwable,
+    ) : UserFingerprintResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt
@@ -1,9 +1,8 @@
 package com.x8bit.bitwarden.data.auth.repository.model

+import com.bitwarden.data.repository.model.Environment
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
-import com.x8bit.bitwarden.data.auth.repository.model.UserState.Account
 import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
-import com.x8bit.bitwarden.data.platform.repository.model.Environment

 /**
 * Represents the overall "user state" of the current active user as well as any users that may be
--- a/Show More
+++ b/Show More