PM-34193: bug: Unlock vault from Never-Lock should be on io thread (#6727)

Co-authored-by: bw-ghapp[bot] <178206702+bw-ghapp[bot]@users.noreply.github.com>
Co-authored-by: Patrick Honkonen <phonkonen@bitwarden.com>

.claude/CLAUDE.md

@@ -1,105 +1,132 @@
-# Claude Guidelines
+# Bitwarden Android - Claude Code Configuration
 
-Core directives for maintaining code quality and consistency in the Bitwarden Android project.
+Official Android application for Bitwarden Password Manager and Bitwarden Authenticator, providing secure password management, two-factor authentication, and credential autofill services with zero-knowledge encryption.
 
-## Core Directives
+## Overview
 
-**You MUST follow these directives at all times.**
+- Multi-module Android application: `:app` (Password Manager), `:authenticator` (2FA TOTP generator)
+- Zero-knowledge architecture: encryption/decryption happens client-side via Bitwarden SDK
+- Target users: End-users via Google Play Store and F-Droid
 
-1. **Adhere to Architecture**: All code modifications MUST follow patterns in `docs/ARCHITECTURE.md`
-2. **Follow Code Style**: ALWAYS follow `docs/STYLE_AND_BEST_PRACTICES.md`
-3. **Error Handling**: Use Result types and sealed classes per architecture guidelines
-4. **Best Practices**: Follow Kotlin idioms (immutability, appropriate data structures, coroutines)
-5. **Document Everything**: All public APIs require KDoc documentation
-6. **Dependency Management**: Use Hilt DI patterns as established in the project
-7. **Use Established Patterns**: Leverage existing components before creating new ones
-8. **File References**: Use file:line_number format when referencing code
+### Key Concepts
 
-## Code Quality Standards
+- **Zero-Knowledge Architecture**: Server never has access to unencrypted vault data or encryption keys
+- **Bitwarden SDK**: Rust-based cryptographic SDK handling all encryption/decryption operations
+- **DataState**: Wrapper for streaming data states (Loading, Loaded, Pending, Error, NoNetwork)
+- **Result Types**: Custom sealed classes for operation results (never throw exceptions from data layer)
+- **UDF (Unidirectional Data Flow)**: State flows down, actions flow up through ViewModels
 
-### Module Organization
+---
 
-**Core Library Modules:**
-- **`:core`** - Common utilities and managers shared across multiple modules
-- **`:data`** - Data sources, database, data repositories
-- **`:network`** - Networking interfaces, API clients, network utilities
-- **`:ui`** - Reusable Bitwarden Composables, theming, UI utilities
+## Architecture
 
-**Application Modules:**
-- **`:app`** - Password Manager application, feature screens, ViewModels, DI setup
-- **`:authenticator`** - Authenticator application for 2FA/TOTP code generation
+```
+User Request (UI Action)
+         |
+    Screen (Compose)
+         |
+    ViewModel (State/Action/Event)
+         |
+    Repository (Business Logic)
+         |
+    +----+----+----+
+    |    |    |    |
+  Disk  Network  SDK
+   |      |      |
+ Room  Retrofit  Bitwarden
+  DB    APIs     Rust SDK
+```
 
-**Specialized Library Modules:**
-- **`:authenticatorbridge`** - Communication bridge between :authenticator and :app
-- **`:annotation`** - Custom annotations for code generation (Hilt, Room, etc.)
-- **`:cxf`** - Android Credential Exchange (CXF/CXP) integration layer
+### Key Principles
 
-### Patterns Enforcement
+1. **No Exceptions from Data Layer**: All suspending functions return `Result<T>` or custom sealed classes
+2. **State Hoisting to ViewModel**: All state that affects behavior must live in the ViewModel's state
+3. **Interface-Based DI**: All implementations use interface/`...Impl` pairs with Hilt injection
+4. **Encryption by Default**: All sensitive data encrypted via SDK before storage
 
-- **MVVM + UDF**: ViewModels with StateFlow, Compose UI
-- **Hilt DI**: Interface injection, @HiltViewModel, @Inject constructor
-- **Testing**: JUnit 5, MockK, Turbine for Flow testing
-- **Error Handling**: Sealed Result types, no throws in business logic
+### Core Patterns
 
-## Security Requirements
+- **BaseViewModel**: Enforces UDF with State/Action/Event pattern. See `ui/src/main/kotlin/com/bitwarden/ui/platform/base/BaseViewModel.kt`.
+- **Repository Result Pattern**: Type-safe error handling using custom sealed classes for discrete operations and `DataState<T>` wrapper for streaming data.
+- **Common Patterns**: Flow collection via `Internal` actions, error handling via `when` branches, `DataState` streaming with `.map { }` and `.stateIn()`.
 
-**Every change must consider:**
-- Zero-knowledge architecture preservation
-- Proper encryption key handling (Android Keystore)
-- Input validation and sanitization
-- Secure data storage patterns
-- Threat model implications
+> For complete architecture patterns, code templates, and module organization, see `docs/ARCHITECTURE.md`.
 
-## Workflow Practices
+---
 
-### Before Implementation
+## Development Guide
 
-1. Read relevant architecture documentation
-2. Search for existing patterns to follow
-3. Identify affected modules and dependencies
-4. Consider security implications
+### Workflow Skills
 
-### During Implementation
+> **Quick start**: Use `/plan-android-work <task>` to refine requirements and plan,
+> then `/work-on-android <task>` for implementation,
+> then `/review-android <PR#>` to review the result.
 
-1. Follow existing code style in surrounding files
-2. Write tests alongside implementation
-3. Add KDoc to all public APIs
-4. Validate against architecture guidelines
+Planning: 1–2 | Implementation: 3–7 | Review & PR: 8–10
 
-### After Implementation
+1. `refining-android-requirements` - Gap analysis and structured spec from any input source
+2. `planning-android-implementation` - Architecture design and phased task breakdown
+3. `implementing-android-code` - Patterns, gotchas, and templates for writing code
+4. `testing-android-code` - Test patterns and templates for verifying code
+5. `build-test-verify` - Build, test, lint, and deploy commands
+6. `perform-android-preflight-checklist` - Quality gate before committing
+7. `committing-android-changes` - Commit message format and pre-commit workflow
+8. `reviewing-changes` - Android-specific MVVM/Compose code review checklists (invoked by `/review-android`)
+9. `/review-android` - Full review workflow: PR context gathering → Android checklist → output
+10. `creating-android-pull-request` - PR creation workflow and templates
 
-1. Ensure all tests pass
-2. Verify compilation succeeds
-3. Review security considerations
-4. Update relevant documentation
+---
+
+## Security Rules
+
+**MANDATORY - These rules have no exceptions:**
+
+1. **Zero-Knowledge Architecture**: Never transmit unencrypted vault data or master passwords to the server. All encryption happens client-side via the Bitwarden SDK.
+2. **No Plaintext Key Storage**: Encryption keys must be stored using Android Keystore (biometric unlock) or encrypted with PIN/master password.
+3. **Sensitive Data Cleanup**: On logout, all sensitive data must be cleared from memory and storage via `UserLogoutManager.logout()`.
+4. **Input Validation**: Validate all user inputs before processing, especially URLs and credentials.
+5. **SDK Isolation**: Use scoped SDK sources (`ScopedVaultSdkSource`) to prevent cross-user crypto context leakage.
+
+---
+
+## Code Style & Standards
+
+- **Formatter**: Android Studio with `bitwarden-style.xml` | **Line Limit**: 100 chars | **Detekt**: Enabled
+- **Naming**: `camelCase` (vars/fns), `PascalCase` (classes), `SCREAMING_SNAKE_CASE` (constants), `...Impl` (implementations)
+- **KDoc**: Required for all public APIs
+- **String Resources**: Add new strings to `:ui` module (`ui/src/main/res/values/strings.xml`). Use typographic quotes/apostrophes (`"` `"` `'`) not escaped ASCII (`\"` `\'`)
+
+> For complete style rules (imports, formatting, documentation, Compose conventions), see `docs/STYLE_AND_BEST_PRACTICES.md`.
+
+---
 
 ## Anti-Patterns
 
-**Avoid these:**
-- Creating new patterns when established ones exist
-- Exception-based error handling in business logic
-- Direct dependency access (use DI)
-- Mutable state in ViewModels (use StateFlow)
-- Missing null safety handling
-- Undocumented public APIs
-- Tight coupling between modules
+In addition to the Key Principles above, follow these rules:
 
-## Communication & Decision-Making
+### DO
+- Map async results to internal actions before updating state
+- Inject `Clock` for time-dependent operations
+- Return early to reduce nesting
 
-Always clarify ambiguous requirements before implementing. Use specific questions:
-- "Should this use [Approach A] or [Approach B]?"
-- "This affects [X]. Proceed or review first?"
-- "Expected behavior for [specific requirement]?"
+### DON'T
+- Update state directly inside coroutines (use internal actions)
+- Use `any` types or suppress null safety
+- Catch generic `Exception` (catch specific types)
+- Use `e.printStackTrace()` (use Timber logging)
+- Create new patterns when established ones exist
+- Skip KDoc for public APIs
 
-Defer high-impact decisions to the user:
-- Architecture/module changes, public API modifications
-- Security mechanisms, database migrations
-- Third-party library additions
+---
 
-## Reference Documentation
+## Quick Reference
 
-Critical resources:
-- `docs/ARCHITECTURE.md` - Architecture patterns and principles
-- `docs/STYLE_AND_BEST_PRACTICES.md` - Code style guidelines
-
-**Do not duplicate information from these files - reference them instead.**
+- **Code style**: Full rules: `docs/STYLE_AND_BEST_PRACTICES.md`
+- **Before writing code**: Use `implementing-android-code` skill for Bitwarden-specific patterns, gotchas, and templates
+- **Before writing tests**: Use `testing-android-code` skill for test patterns and templates
+- **Building/testing**: Use `build-test-verify` skill | App tests: `./gradlew app:testStandardDebugUnitTest`
+- **Before committing**: Use `perform-android-preflight-checklist` skill, then `committing-android-changes` skill for message format
+- **Code review**: Use `/review-android` for the full review workflow; `reviewing-changes` skill for checklist-only
+- **Creating PRs**: Use `creating-android-pull-request` skill for PR workflow and templates
+- **Troubleshooting**: See `docs/TROUBLESHOOTING.md`
+- **Architecture**: `docs/ARCHITECTURE.md` | [Bitwarden SDK](https://github.com/bitwarden/sdk) | [Jetpack Compose](https://developer.android.com/jetpack/compose) | [Hilt DI](https://dagger.dev/hilt/)

.claude/agents/android-implementer/AGENT.md

@@ -0,0 +1,58 @@
+---
+name: android-implementer
+description: "Autonomously implements features, fixes bugs, and completes development tasks on the Bitwarden Android project. Drives the full /work-on-android lifecycle (implement, test, build, preflight, commit) with self-review at each phase. Use when the user wants end-to-end implementation without manual phase approvals. Proactively suggest after /plan-android-work completes or when planning output is ready for implementation."
+model: opus
+color: green
+tools: Bash, Read, Edit, Write, Glob, Grep, LSP, Agent, Skill(implementing-android-code), Skill(testing-android-code), Skill(build-test-verify), Skill(perform-android-preflight-checklist), Skill(committing-android-changes), Skill(work-on-android)
+---
+
+You are an elite Android implementation engineer specialized in the Bitwarden Android codebase. Your role is to autonomously drive implementation from start to finish, acting as both the implementer and the quality reviewer at each phase.
+
+## First Action: Invoke `/work-on-android`
+
+**Immediately invoke the `work-on-android` skill using the Skill tool.** This is your primary workflow — it defines the phases, invokes the correct sub-skills, and structures the entire implementation lifecycle. Do not manually orchestrate individual skills; let `/work-on-android` drive the phase sequence.
+
+Your added value on top of `/work-on-android` is autonomy: where the skill asks for user confirmation between phases, you provide that confirmation yourself by applying the self-review protocol below. Do not wait for human approval between phases — evaluate your own output, refine if necessary, and advance.
+
+## Self-Review Protocol
+
+At each phase transition where `/work-on-android` would normally ask the user to confirm, apply this review instead:
+
+```
+--- Phase Review: [Phase Name] ---
+Status: APPROVED / NEEDS REFINEMENT
+Findings: [brief assessment]
+Action: [Proceeding to next phase / Iterating on: X]
+---
+```
+
+If status is NEEDS REFINEMENT, iterate up to 3 times before proceeding with the best available output and noting remaining concerns.
+
+**Review criteria by phase:**
+- **Implementation**: Follows skill guidance and CLAUDE.md anti-patterns list?
+- **Testing**: Covers happy path, error cases, and edge cases?
+- **Build & Verify**: All tests pass? No compilation errors or warnings?
+- **Preflight**: Would this pass code review by a senior engineer?
+- **Commit**: Message clear, properly formatted, and accurate?
+
+## Decision-Making Framework
+
+- **When uncertain about a pattern**: Search the codebase for existing examples. Follow what exists rather than inventing.
+- **When finding multiple valid approaches**: Choose the one most consistent with nearby code in the same module.
+- **When discovering scope creep**: Note it as a follow-up item and stay focused on the original task.
+- **When tests fail**: Diagnose the root cause, fix it, and re-run. Don't skip failing tests.
+- **When a phase produces subpar output**: Iterate. Don't advance with known deficiencies unless you've exhausted reasonable refinement attempts.
+
+## Communication Style
+
+- Be concise and direct in phase transition summaries
+- Provide detailed technical reasoning only when making non-obvious decisions
+- Flag any genuine blockers that require human input clearly and specifically
+- At completion, provide a summary of what was implemented, what was tested, and any follow-up items
+
+## Critical Rules
+
+1. **Minimize user interruptions**: Only escalate for genuine ambiguities that codebase context cannot resolve.
+2. **Never skip testing**: Every implementation phase must have corresponding tests.
+3. **Never invent new patterns**: Use established codebase patterns. Search for examples first.
+4. **Never leave the codebase in a broken state**: If you can't complete a phase cleanly, revert and explain why.

.claude/commands/plan-android-work.md

@@ -0,0 +1,119 @@
+---
+description: Guided requirements refinement and implementation planning for Bitwarden Android
+argument-hint: <Jira ticket (PM-12345), Confluence URL, or free-text description>
+---
+
+# Android Planning Workflow
+
+You are guiding the developer through requirements refinement and implementation planning for the Bitwarden Android project. The input to plan from is:
+
+**Input**: $ARGUMENTS
+
+## Prerequisites
+
+- **Jira/Confluence access**: Fetching tickets and wiki pages requires the `bitwarden-atlassian-tools@bitwarden-marketplace` MCP plugin. If the plugin is not installed, Jira ticket IDs and Confluence URLs cannot be fetched automatically.
+
+## Workflow Phases
+
+Work through each phase sequentially. **Confirm with the user before advancing to the next phase.** The user may skip phases that are not applicable. If starting from a partially completed plan, skip to the appropriate phase.
+
+### Phase 1: Ingest Requirements
+
+Parse the input to detect and fetch all available sources:
+
+**Source Detection Rules:**
+- **Jira tickets** (patterns like `PM-\d+`, `BWA-\d+`, `EC-\d+`): Fetch via `get_issue` and `get_issue_comments`. Also fetch linked issue summaries (parent epic, sub-tasks, blockers) for context.
+- **Confluence URLs** (containing `atlassian.net/wiki` or confluence page IDs): Extract page ID and fetch via `get_confluence_page`. If the page is a parent page, fetch child pages via `get_child_pages` and ask the user which are relevant.
+- **Free text**: Treat as direct requirements — no fetching needed.
+- **Multiple inputs**: All are first-class sources. Fetch each independently and consolidate.
+- **Tool unavailable**: If `get_issue`, `get_confluence_page`, or other Atlassian tools are not available, inform the user that the `bitwarden-atlassian-tools@bitwarden-marketplace` MCP plugin is required and prompt them to install and configure it. In the meantime, ask the user to paste the relevant content directly. Treat pasted content as free-text input.
+
+**Present a structured summary:**
+1. Sources identified and fetched (with links)
+2. Raw requirements extracted from each source
+3. Initial scope assessment (small / medium / large)
+
+**Edge cases:**
+- Jira ticket with no description → flag as critical gap that Phase 2 must address
+- Multiple tickets → fetch all, consolidate, flag any contradictions
+- Ticket + free text → both treated as first-class; free text supplements ticket
+
+**Gate**: User confirms the summary is complete and may add additional sources or context before proceeding.
+
+### Phase 2: Refine Requirements
+
+Invoke the `refining-android-requirements` skill and use it to perform gap analysis on the raw requirements from Phase 1.
+
+The skill will:
+1. Consolidate all sources into a working document
+2. Evaluate requirements against a structured rubric (functional, technical, security, UX, cross-cutting)
+3. Present categorized gaps as blocking or non-blocking questions
+4. After user answers, produce a structured specification with numbered IDs
+
+**Gate**: User approves the refined specification. They may request changes or provide additional answers.
+
+### Phase 3: Plan Implementation
+
+Invoke the `planning-android-implementation` skill and use it to design the implementation approach based on the refined spec from Phase 2.
+
+The skill will:
+1. Classify the change type
+2. Explore the codebase for reference implementations and integration points
+3. Design the architecture with component relationships
+4. Produce a file inventory and phased implementation plan
+5. Assess risks and define verification criteria
+
+**Gate**: User reviews the implementation plan and may request changes to architecture, phasing, or scope.
+
+### Phase 4: Finalize & Save
+
+Merge the outputs from Phase 2 (specification) and Phase 3 (implementation plan) into a single design document using this template:
+
+```markdown
+# [Feature Name] — Design Document
+
+**Feature**: [concise description]
+**Date**: [current date]
+**Status**: Ready for Implementation
+**Jira**: [ticket ID if available]
+**Sources**: [list of all input sources with links]
+
+---
+
+## Requirements Specification
+
+[Full output from Phase 2 — the refined specification with numbered IDs]
+
+---
+
+## Implementation Plan
+
+[Full output from Phase 3 — architecture, file inventory, phases, risks]
+
+---
+
+## Executing This Plan
+
+To implement this plan, run:
+
+    /work-on-android [ticket or feature reference]
+
+Reference this design document during implementation for architecture decisions,
+file locations, and phase ordering.
+```
+
+**Save the document:**
+- With ticket: `.claude/outputs/plans/PM-XXXXX-FEATURE-NAME-PLAN.md`
+- Without ticket: `.claude/outputs/plans/FEATURE-NAME-PLAN.md`
+- Feature name should be uppercase with hyphens (e.g., `BIOMETRIC-TIMEOUT-CONFIG-PLAN.md`)
+- Create the output directory if it does not exist
+
+**On completion**: Present the saved file path and remind the user they can execute the plan with `/work-on-android`.
+
+## Guidelines
+
+- Be explicit about which phase you are in at all times.
+- If the user wants to skip a phase, acknowledge and move to the next applicable phase.
+- When fetching from Jira/Confluence, summarize what was found rather than dumping raw content.
+- Questions in Phase 2 should be specific and actionable, not generic.
+- The implementation plan in Phase 3 should reference concrete files in the codebase, not abstract descriptions.

.claude/commands/review-android.md

@@ -0,0 +1,72 @@
+---
+description: Guided Android code review workflow through context gathering, Android-specific review, and output
+argument-hint: [PR# | PR URL | "local"]
+---
+
+# Android Code Review Workflow
+
+You are guiding the developer through a comprehensive Android code review for the Bitwarden Android project.
+
+**Input**: $ARGUMENTS
+
+## Prerequisites
+
+- **Jira/Confluence access**: The `bitwarden-atlassian-tools@bitwarden-marketplace` MCP plugin is required to fetch linked Jira tickets. If unavailable, skip ticket context.
+- **GitHub CLI**: Required for fetching PR metadata. Verify with `gh auth status`.
+
+## Workflow Phases
+
+Work through each phase sequentially. **Confirm with the user before advancing to the next phase.** The user may skip phases that are not applicable.
+
+### Phase 1: Ingest
+
+Parse the input to determine review context:
+
+**Source Detection Rules:**
+- **PR number** (`123`, `PR #123`, `https://github.com/.../pull/123`): Extract the numeric ID. Fetch PR metadata via `gh pr view <N> --json title,body,headRefName,baseRefName,author,files`. Fetch existing review threads to avoid duplicate comments via `gh api graphql` with `reviewThreads(first: 100)`.
+- **"local"** or no argument: Review current branch changes via `git diff main...HEAD` and `git log main...HEAD --oneline --no-merges`.
+- **No input**: Ask the user whether to review a PR (provide number/URL) or local branch changes.
+
+**Additional context:**
+- Detect Jira ticket references in PR title/body (patterns like `PM-\d+`, `BWA-\d+`). Fetch via `get_issue` if the MCP plugin is available.
+- Summarize what was fetched rather than dumping raw content.
+
+**Present a structured summary:**
+1. What is being reviewed (PR title/number, branch, or local changes description)
+2. Jira ticket context if found (summary and acceptance criteria)
+3. Files changed (count and modules affected)
+4. Existing review thread count (PR reviews only — avoids duplicate comments)
+
+**Gate**: User confirms the summary is complete before proceeding.
+
+### Phase 2: Review
+
+Invoke the `reviewing-changes` skill and use it to perform the Android-specific code review. Use the PR context from Phase 1 (change type, files affected, modules, Jira requirements) to inform the skill's change type detection and checklist selection.
+
+The skill will:
+1. Detect the change type based on files and PR context from Phase 1
+2. Load the appropriate type-specific checklist
+3. Execute the multi-pass review strategy
+4. Consult reference materials as needed
+
+**Before advancing**: Share a summary of key findings (critical issues if any, overall assessment) and confirm the user is ready to output the review.
+
+### Phase 3: Output
+
+Write the completed review to local files:
+
+- `review-summary.md` — Overall assessment (APPROVE / REQUEST CHANGES) plus critical issues list
+- `review-inline-comments.md` — All inline findings with `<details>` tags
+
+Follow the exact output format from `.claude/skills/reviewing-changes/examples/review-outputs.md`.
+
+For PR reviews: offer to post the review to GitHub using `gh pr review <N> --comment -b "$(cat review-summary.md)"` for the summary. For inline comments, use the GitHub API or the `bitwarden-code-review` plugin if installed.
+
+**Before advancing**: Confirm the files were written successfully and ask if the user wants to post to GitHub (PR reviews only).
+
+## Guidelines
+
+- Be explicit about which phase you are in at all times.
+- Never proceed to another phase without user confirmation.
+- If the user wants to skip a phase, acknowledge and move to the next applicable phase.
+- If starting from a partially completed review (e.g., review already written), skip to the appropriate phase.

.claude/commands/work-on-android.md

@@ -0,0 +1,66 @@
+---
+description: Guided Android development workflow through all lifecycle phases
+argument-hint: <task description, plan, or Jira ticket reference>
+---
+
+# Android Development Workflow
+
+You are guiding the developer through a complete Android development lifecycle for the Bitwarden Android project. The task to work on is:
+
+**Task**: $ARGUMENTS
+
+## Workflow Phases
+
+Work through each phase sequentially. **Confirm with the user before advancing to the next phase.** If a phase fails (tests fail, lint errors, etc.), loop on that phase until resolved before advancing. The user may skip phases that are not applicable.
+
+### Phase 1: Implement
+
+Invoke the `implementing-android-code` skill and use it to guide your implementation of the task. Understand what needs to be done, explore the relevant code, and write the implementation.
+
+**Before advancing**: Summarize what was implemented and confirm the user is ready to move to testing.
+
+### Phase 2: Test
+
+Invoke the `testing-android-code` skill and use it to write tests for the changes made in Phase 1. Follow the project's test patterns and conventions.
+
+**Before advancing**: Summarize what tests were written and confirm readiness for build verification.
+
+### Phase 3: Build & Verify
+
+Invoke the `build-test-verify` skill to run tests, lint, and detekt. Ensure everything passes.
+
+**If failures occur**: Fix the issues and re-run verification. Do not advance until all checks pass.
+
+**Before advancing**: Report build/test/lint results and confirm readiness for self-review.
+
+### Phase 4: Self-Review
+
+Invoke the `perform-android-preflight-checklist` skill to perform a quality gate check on all changes. Address any issues found.
+
+**Before advancing**: Share the self-review results and confirm readiness to commit.
+
+### Phase 5: Commit
+
+Invoke the `committing-android-changes` skill to stage and commit the changes with a properly formatted commit message.
+
+**Before advancing**: Confirm the commit was successful and ask if the user wants to proceed to review and PR creation, or stop here.
+
+### Phase 6: Review
+
+**Pre-requisites:**
+- `bitwarden-code-review` from the [Bitwarden Plugin Marketplace](https://github.com/bitwarden/ai-plugins) must be installed in order to perform this phase. If it is not installed prompt the user to install it, or skip the review phase.
+
+Launch a subagent with the `/bitwarden-code-review:code-review-local` command to perform a **local** code review of the committed diff. Validate and address any issues found before proceeding.
+
+**Before advancing**: Share review findings and confirm readiness for PR creation.
+
+### Phase 7: Pull Request
+
+Prompt the user to invoke the `creating-android-pull-request` skill to create the pull request with proper description and formatting. **Create as a draft PR by default** unless the user has explicitly requested a ready-for-review PR.
+
+## Guidelines
+
+- Be explicit about which phase you are in at all times.
+- Never proceed to another phase without user confirmation.
+- If the user wants to skip a phase, acknowledge and move to the next applicable phase.
+- If starting from a partially completed task (e.g., code already written), skip to the appropriate phase.

.claude/prompts/review-code.md

@@ -1,27 +1,3 @@
 Use the `reviewing-changes` skill to review this pull request.
 
 The PR branch is already checked out in the current working directory.
-
-## CRITICAL OUTPUT REQUIREMENTS
-
-**Summary Format (REQUIRED):**
-- **Clean PRs (no issues)**: 2-3 lines MAXIMUM
-  - Format: `**Overall Assessment:** APPROVE\n[One sentence]`
-  - Example: "Clean refactoring following established patterns"
-
-- **PRs with issues**: Verdict + critical issues list (5-10 lines MAX)
-  - Format: `**Overall Assessment:** APPROVE/REQUEST CHANGES\n**Critical Issues:**\n- issue 1\nSee inline comments`
-  - All details go in inline comments with `<details>` tags, NOT in summary
-
-**NEVER create:**
-- ❌ Praise sections ("Strengths", "Good Practices", "Excellent X")
-- ❌ Verbose analysis sections (Architecture Assessment, Technical Review, Code Quality, etc.)
-- ❌ Tables, statistics, or detailed breakdowns in summary
-- ❌ Multiple summary sections
-- ❌ Checkmarks listing everything done correctly
-
-**Inline Comments:**
-- Create separate inline comment for each specific issue/recommendation
-- Use collapsible `<details>` sections for code examples and explanations
-- Only severity + one-line description visible; all other content collapsed
-- Track status of previously identified issues if this is a subsequent review

.claude/settings.json

@@ -0,0 +1,14 @@
+{
+  "attribution": {
+    "commit": "",
+    "pr": ""
+  },
+  "extraKnownMarketplaces": {
+    "bitwarden-marketplace": {
+      "source": {
+        "source": "github",
+        "repo": "bitwarden/ai-plugins"
+      }
+    }
+  }
+}

.claude/skills/build-test-verify/SKILL.md

@@ -0,0 +1,152 @@
+---
+name: build-test-verify
+version: 0.1.0
+description: Build, test, lint, and deploy commands for the Bitwarden Android project. Use when running tests, building APKs/AABs, running lint/detekt, deploying, using fastlane, or discovering codebase structure. Triggered by "run tests", "build", "gradle", "lint", "detekt", "deploy", "fastlane", "assemble", "verify", "coverage".
+---
+
+# Build, Test & Verify
+
+## Environment Setup
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `GITHUB_TOKEN` | Yes (CI) | GitHub Packages auth for SDK (`read:packages` scope) |
+| Build flavors | - | `standard` (Play Store), `fdroid` (no Google services) |
+| Build types | - | `debug`, `beta`, `release` |
+
+If builds fail resolving the Bitwarden SDK, verify `GITHUB_TOKEN` in `user.properties` or environment and check connectivity to `maven.pkg.github.com`.
+
+---
+
+## Building
+
+```bash
+# Debug builds
+./gradlew app:assembleDebug
+./gradlew authenticator:assembleDebug
+
+# Release builds (requires signing keys)
+./gradlew app:assembleStandardRelease
+./gradlew app:bundleStandardRelease
+
+# F-Droid builds
+./gradlew app:assembleFdroidRelease
+```
+
+---
+
+## Running Tests
+
+**IMPORTANT**: The app module uses the `standard` flavor. Always use `testStandardDebugUnitTest`, NOT `testDebugUnitTest`.
+
+**IMPORTANT**: Always pipe test output through a filter that captures failures on the first run. Gradle suppresses detailed failure output by default, so use `2>&1 | grep -E "FAILED|BUILD|expected:|actual:|AssertionError|failures" | head -30` to see pass/fail results and assertion details without needing a second run.
+
+```bash
+# App module tests (correct flavor!)
+./gradlew app:testStandardDebugUnitTest 2>&1 | grep -E "FAILED|BUILD|expected:|actual:|AssertionError|failures" | head -30
+
+# Run specific test classes
+./gradlew app:testStandardDebugUnitTest --tests "com.x8bit.bitwarden.SomeTest" 2>&1 | grep -E "FAILED|BUILD|expected:|actual:|AssertionError|failures" | head -30
+
+# Run all unit tests across all modules
+./gradlew test
+
+# Individual shared modules (no flavor needed)
+./gradlew :core:test
+./gradlew :data:test
+./gradlew :network:test
+./gradlew :ui:test
+
+# Authenticator module
+./gradlew authenticator:testStandardDebugUnitTest
+```
+
+### Reading Test Reports
+
+If you need full failure details beyond what grep captures, check the HTML test report:
+
+```bash
+# After a test run, open the report at:
+# app/build/reports/tests/testStandardDebugUnitTest/index.html
+# Or read individual failure XML:
+find app/build/test-results -name "*.xml" -exec grep -l "failure" {} \;
+```
+
+### Test Structure
+
+```
+app/src/test/                    # App unit tests
+app/src/testFixtures/            # App test utilities
+core/src/testFixtures/           # Core test utilities (FakeDispatcherManager)
+data/src/testFixtures/           # Data test utilities (FakeSharedPreferences)
+network/src/testFixtures/        # Network test utilities (BaseServiceTest)
+ui/src/testFixtures/             # UI test utilities (BaseViewModelTest, BaseComposeTest)
+```
+
+### Test Quick Reference
+
+- **Dispatcher Control**: `FakeDispatcherManager` from `:core:testFixtures`
+- **MockK**: `mockk<T> { every { } returns }`, `coEvery { }` for suspend
+- **Flow Testing**: Turbine with `stateEventFlow()` helper from `BaseViewModelTest`
+- **Time Control**: Inject `Clock` for deterministic time testing
+
+---
+
+## Lint & Static Analysis
+
+```bash
+# Detekt (static analysis)
+./gradlew detekt
+
+# Android Lint
+./gradlew lint
+
+# Full validation suite (detekt + lint + tests + coverage)
+./fastlane check
+```
+
+---
+
+## Codebase Discovery
+
+```bash
+# Find existing Bitwarden UI components
+find ui/src/main/kotlin/com/bitwarden/ui/platform/components/ -name "Bitwarden*.kt" | sort
+
+# Find all ViewModels
+grep -rl "BaseViewModel<" app/src/main/kotlin/ --include="*.kt"
+
+# Find all Navigation files with @Serializable routes
+find app/src/main/kotlin/ -name "*Navigation.kt" | sort
+
+# Find all Hilt modules
+find app/src/main/kotlin/ -name "*Module.kt" -path "*/di/*" | sort
+
+# Find all repository interfaces
+find app/src/main/kotlin/ -name "*Repository.kt" -not -name "*Impl.kt" -path "*/repository/*" | sort
+
+# Find encrypted disk source examples
+grep -rl "EncryptedPreferences" app/src/main/kotlin/ --include="*.kt"
+
+# Find Clock injection usage
+grep -rl "private val clock: Clock" app/src/main/kotlin/ --include="*.kt"
+
+# Search existing strings before adding new ones
+grep -n "search_term" ui/src/main/res/values/strings.xml
+```
+
+---
+
+## Deployment & Versioning
+
+**Version location**: `gradle/libs.versions.toml`
+```toml
+appVersionCode = "1"
+appVersionName = "2025.11.1"
+```
+Pattern: `YEAR.MONTH.PATCH`
+
+**Publishing channels**:
+- **Play Store**: GitHub Actions workflow with signed AAB
+- **F-Droid**: Dedicated workflow with F-Droid signing keys
+- **Firebase App Distribution**: Beta testing

.claude/skills/committing-android-changes/SKILL.md

@@ -0,0 +1,81 @@
+---
+name: committing-android-changes
+version: 0.1.0
+description: Git commit conventions and workflow for Bitwarden Android. Use when committing code, writing commit messages, or preparing changes for commit. Triggered by "commit", "git commit", "commit message", "prepare commit", "stage changes".
+---
+
+# Git Commit Conventions
+
+## Commit Message Format
+
+```
+[PM-XXXXX] <type>: <imperative summary>
+
+<optional body explaining why, not what>
+```
+
+### Rules
+
+1. **Ticket prefix**: Always include `[PM-XXXXX]` matching the Jira ticket
+2. **Type keyword**: Include a conventional commit type after the ticket prefix (see table below)
+3. **Imperative mood**: "Add feature" not "Added feature" or "Adds feature"
+4. **Short summary**: Under 72 characters for the first line
+5. **Body**: Explain the "why" not the "what" — the diff shows the what
+
+### Type Keywords
+
+Invoke the `labeling-android-changes` skill for the full type keyword table and selection guidance.
+
+### Example
+
+```
+[PM-12345] feat: Add biometric unlock timeout configuration
+
+Users reported confusion about when biometric prompts appear.
+This adds a configurable timeout setting to the security preferences.
+```
+
+### Followup Commits
+
+Only the first commit on a branch needs the full format (ticket prefix, type keyword, body). Subsequent commits — whether addressing review feedback, making intermediate changes, or iterating locally — can use a short, descriptive summary with no prefix or body required.
+
+```
+Update error handling in login flow
+```
+
+---
+
+## Pre-Commit Checklist
+
+Run the `perform-android-preflight-checklist` skill for the full quality gate. At minimum, before staging and committing:
+
+1. **Run affected module tests** (use `build-test-verify` skill for correct commands)
+2. **Check lint**: `./gradlew detekt` on changed modules
+3. **Review staged changes**: `git diff --staged` — verify no unintended modifications
+4. **Verify no secrets**: No API keys, tokens, passwords, or `.env` files staged
+5. **Verify no generated files**: No build outputs, `.idea/` changes, or generated code
+
+---
+
+## What NOT to Commit
+
+- `.env` files or `user.properties` with real tokens
+- Credential files or signing keystores
+- Build outputs (`build/`, `*.apk`, `*.aab`)
+- IDE-specific files (`.idea/` changes, `*.iml`)
+- Large binary files
+
+---
+
+## Staging Best Practices
+
+- **Stage specific files** by name rather than `git add -A` or `git add .`
+- Put each file path on its own line for readability:
+  ```bash
+  git add \
+    path/to/first/File.kt \
+    path/to/second/File.kt \
+    path/to/third/File.kt
+  ```
+- Review each file being staged to avoid accidentally including sensitive data
+- Use `git status` (without `-uall` flag) to see the working tree state

.claude/skills/creating-android-pull-request/SKILL.md

@@ -0,0 +1,64 @@
+---
+name: creating-android-pull-request
+version: 0.1.0
+description: Pull request creation workflow for Bitwarden Android. Use when creating PRs, writing PR descriptions, or preparing branches for review. Triggered by "create PR", "pull request", "open PR", "gh pr create", "PR description".
+---
+
+# Create Pull Request
+
+## PR Title Format
+
+```
+[PM-XXXXX] <type>: <short imperative summary>
+```
+
+**Examples:**
+- `[PM-12345] feat: Add autofill support for passkeys`
+- `[PM-12345] fix: Resolve crash during vault sync`
+- `[PM-12345] refactor: Simplify authentication flow`
+
+**Rules:**
+- Include Jira ticket prefix
+- Keep under 70 characters total
+- Use imperative mood in the summary
+
+**Type keywords** (triggers automatic `t:` label via CI):
+
+Invoke the `labeling-android-changes` skill for the full type keyword table and selection guidance.
+
+---
+
+## PR Body Template
+
+**IMPORTANT:** Always follow the repo's PR template at `.github/PULL_REQUEST_TEMPLATE.md`. Delete the Screenshots section entirely if there are no UI changes.
+
+---
+
+## Pre-PR Checklist
+
+1. **All tests pass**: Run `./gradlew app:testStandardDebugUnitTest` (and other affected modules)
+2. **Lint clean**: Run `./gradlew detekt`
+3. **Self-review done**: Use `perform-android-preflight-checklist` skill
+4. **No unintended changes**: Check `git diff origin/main...HEAD` for unexpected files
+5. **Branch up to date**: Rebase on `main` if needed
+
+---
+
+## Creating the PR
+
+```bash
+# Ensure branch is pushed
+git push -u origin <branch-name>
+
+# Create PR as draft by default (body follows .github/PULL_REQUEST_TEMPLATE.md)
+gh pr create --draft --title "[PM-XXXXX] feat: Short summary" --body "<fill in from PR template>"
+```
+
+**Default to draft PRs.** Only create a non-draft (ready for review) PR if the user explicitly requests it.
+
+---
+
+## Base Branch
+
+- Default target: `main`
+- Check with team if targeting a feature branch instead

.claude/skills/implementing-android-code/SKILL.md

@@ -0,0 +1,481 @@
+---
+name: implementing-android-code
+version: 0.1.2
+description: This skill should be used when implementing Android code in Bitwarden. Covers critical patterns, gotchas, and anti-patterns unique to this codebase. Triggered by "How do I implement a ViewModel?", "Create a new screen", "Add navigation", "Write a repository", "BaseViewModel pattern", "State-Action-Event", "type-safe navigation", "@Serializable route", "SavedStateHandle persistence", "process death recovery", "handleAction", "sendAction", "Hilt module", "Repository pattern", "implementing a screen", "adding a data source", "handling navigation", "encrypted storage", "security patterns", "Clock injection", "DataState", or any questions about implementing features, screens, ViewModels, data sources, or navigation in the Bitwarden Android app.
+---
+
+# Implementing Android Code - Bitwarden Quick Reference
+
+**This skill provides tactical guidance for Bitwarden-specific patterns.** For comprehensive architecture decisions and complete code style rules, consult `docs/ARCHITECTURE.md` and `docs/STYLE_AND_BEST_PRACTICES.md`.
+
+---
+
+## Critical Patterns Reference
+
+### A. ViewModel Implementation (State-Action-Event Pattern)
+
+All ViewModels follow the **State-Action-Event (SAE)** pattern via `BaseViewModel<State, Event, Action>`.
+
+**Key Requirements:**
+- Annotate with `@HiltViewModel`
+- State class MUST be `@Parcelize data class : Parcelable`
+- Implement `handleAction(action: A)` - MUST be synchronous
+- Post internal actions from coroutines using `sendAction()`
+- Save/restore state via `SavedStateHandle[KEY_STATE]`
+- Private action handlers: `private fun handle*` naming convention
+
+**Template**: See [ViewModel template](templates.md#viewmodel-template-state-action-event-pattern)
+
+**Pattern Summary:**
+```kotlin
+@HiltViewModel
+class ExampleViewModel @Inject constructor(
+    savedStateHandle: SavedStateHandle,
+    private val repository: ExampleRepository,
+) : BaseViewModel<ExampleState, ExampleEvent, ExampleAction>(
+    initialState = savedStateHandle[KEY_STATE] ?: ExampleState(),
+) {
+    init {
+        stateFlow.onEach { savedStateHandle[KEY_STATE] = it }.launchIn(viewModelScope)
+    }
+
+    override fun handleAction(action: ExampleAction) {
+        // Synchronous dispatch only
+        when (action) {
+            is Action.Click -> handleClick()
+            is Action.Internal.DataReceived -> handleDataReceived(action)
+        }
+    }
+
+    private fun handleClick() {
+        viewModelScope.launch {
+            val result = repository.fetchData()
+            sendAction(Action.Internal.DataReceived(result))  // Post internal action
+        }
+    }
+
+    private fun handleDataReceived(action: Action.Internal.DataReceived) {
+        mutableStateFlow.update { it.copy(data = action.result) }
+    }
+}
+```
+
+**Reference:**
+- `ui/src/main/kotlin/com/bitwarden/ui/platform/base/BaseViewModel.kt` (see `handleAction` method)
+- `app/src/main/kotlin/com/x8bit/bitwarden/ui/auth/feature/login/LoginViewModel.kt` (see class declaration)
+
+**Critical Gotchas:**
+- ❌ **NEVER** update `mutableStateFlow` directly inside coroutines
+- ✅ **ALWAYS** post internal actions from coroutines, update state in `handleAction()`
+- ❌ **NEVER** forget `@IgnoredOnParcel` for sensitive data (causes security leak)
+- ✅ **ALWAYS** use `@Parcelize` on state classes for process death recovery
+- ✅ State restoration happens automatically if properly saved to `SavedStateHandle`
+
+---
+
+### B. Navigation Implementation (Type-Safe)
+
+All navigation uses **type-safe routes** with kotlinx.serialization.
+
+**Pattern Structure:**
+1. `@Serializable` route data class with parameters
+2. `...Args` helper class for extracting from `SavedStateHandle`
+3. `NavGraphBuilder.{screen}Destination()` extension for adding screen to graph
+4. `NavController.navigateTo{Screen}()` extension for navigation calls
+
+**Template**: See [Navigation template](templates.md#navigation-template-type-safe-routes)
+
+**Pattern Summary:**
+```kotlin
+@Serializable
+data class ExampleRoute(val userId: String, val isEditMode: Boolean = false)
+
+data class ExampleArgs(val userId: String, val isEditMode: Boolean)
+
+fun SavedStateHandle.toExampleArgs(): ExampleArgs {
+    val route = this.toRoute<ExampleRoute>()
+    return ExampleArgs(userId = route.userId, isEditMode = route.isEditMode)
+}
+
+fun NavController.navigateToExample(
+    userId: String,
+    isEditMode: Boolean = false,
+    navOptions: NavOptions? = null,
+) {
+    this.navigate(route = ExampleRoute(userId, isEditMode), navOptions = navOptions)
+}
+
+fun NavGraphBuilder.exampleDestination(onNavigateBack: () -> Unit) {
+    composableWithSlideTransitions<ExampleRoute> {
+        ExampleScreen(onNavigateBack = onNavigateBack)
+    }
+}
+```
+
+**Reference:** `app/src/main/kotlin/com/x8bit/bitwarden/ui/auth/feature/login/LoginNavigation.kt` (see `LoginRoute` and extensions)
+
+**Key Benefits:**
+- ✅ Type safety: Compile-time errors for missing parameters
+- ✅ No string literals in navigation code
+- ✅ Automatic serialization/deserialization
+- ✅ Clear contract for screen dependencies
+
+---
+
+### C. Screen/Compose Implementation
+
+All screens follow consistent Compose patterns.
+
+**Template**: See [Screen/Compose template](templates.md#screencompose-template)
+
+**Key Patterns:**
+```kotlin
+@Composable
+fun ExampleScreen(
+    onNavigateBack: () -> Unit,
+    viewModel: ExampleViewModel = hiltViewModel(),
+) {
+    val state by viewModel.stateFlow.collectAsStateWithLifecycle()
+
+    EventsEffect(viewModel = viewModel) { event ->
+        when (event) {
+            ExampleEvent.NavigateBack -> onNavigateBack()
+        }
+    }
+
+    BitwardenScaffold(
+        topBar = {
+            BitwardenTopAppBar(
+                title = stringResource(R.string.title),
+                navigationIcon = rememberVectorPainter(BitwardenDrawable.ic_back),
+                onNavigationIconClick = { viewModel.trySendAction(ExampleAction.BackClick) },
+            )
+        },
+    ) {
+        // UI content
+    }
+}
+```
+
+**Reference:** `app/src/main/kotlin/com/x8bit/bitwarden/ui/auth/feature/login/LoginScreen.kt` (see `LoginScreen` composable)
+
+**Essential Requirements:**
+- ✅ Use `hiltViewModel()` for dependency injection
+- ✅ Use `collectAsStateWithLifecycle()` for state (not `collectAsState()`)
+- ✅ Use `EventsEffect(viewModel)` for one-shot events
+- ✅ Use `Bitwarden*` prefixed components from `:ui` module
+
+**State Hoisting Rules:**
+- **ViewModel state**: Data that needs to survive process death or affects business logic
+- **UI-only state**: Temporary UI state (scroll position, text field focus) using `remember` or `rememberSaveable`
+
+---
+
+### D. Data Layer Implementation
+
+The data layer follows strict patterns for repositories, managers, and data sources.
+
+**Interface + Implementation Separation (ALWAYS)**
+
+**Template**: See [Data Layer template](templates.md#data-layer-template-repository--hilt-module)
+
+**Pattern Summary:**
+```kotlin
+// Interface (injected via Hilt)
+interface ExampleRepository {
+    suspend fun fetchData(id: String): ExampleResult
+    val dataFlow: StateFlow<DataState<ExampleData>>
+}
+
+// Implementation (NOT directly injected)
+class ExampleRepositoryImpl(
+    private val exampleDiskSource: ExampleDiskSource,
+    private val exampleService: ExampleService,
+) : ExampleRepository {
+    override suspend fun fetchData(id: String): ExampleResult {
+        // NO exceptions thrown - return Result or sealed class
+        return exampleService.getData(id).fold(
+            onSuccess = { ExampleResult.Success(it.toModel()) },
+            onFailure = { ExampleResult.Error(it.message) },
+        )
+    }
+}
+
+// Sealed result class (domain-specific)
+sealed class ExampleResult {
+    data class Success(val data: ExampleData) : ExampleResult()
+    data class Error(val message: String?) : ExampleResult()
+}
+
+// Hilt Module
+@Module
+@InstallIn(SingletonComponent::class)
+object ExampleRepositoryModule {
+    @Provides
+    @Singleton
+    fun provideExampleRepository(
+        exampleDiskSource: ExampleDiskSource,
+        exampleService: ExampleService,
+    ): ExampleRepository = ExampleRepositoryImpl(exampleDiskSource, exampleService)
+}
+```
+
+**Reference:**
+- `app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt`
+- `app/src/main/kotlin/com/x8bit/bitwarden/data/tools/generator/repository/di/GeneratorRepositoryModule.kt`
+
+**Three-Layer Data Architecture:**
+1. **Data Sources** - Raw data access (network, disk, SDK). Return `Result<T>`, never throw.
+2. **Managers** - Single responsibility business logic. Wrap OS/external services.
+3. **Repositories** - Aggregate sources/managers. Return domain-specific sealed classes.
+
+**Critical Rules:**
+- ❌ **NEVER** throw exceptions in data layer
+- ✅ **ALWAYS** use interface + `...Impl` pattern
+- ✅ **ALWAYS** inject interfaces, never implementations
+- ✅ Data sources return `Result<T>`, repositories return domain sealed classes
+- ✅ Use `StateFlow` for continuously observed data
+
+---
+
+### E. UI Components
+
+**Use Existing Components First:**
+
+The `:ui` module provides reusable `Bitwarden*` prefixed components. Search before creating new ones.
+
+**Common Components:**
+- `BitwardenFilledButton` - Primary action buttons
+- `BitwardenOutlinedButton` - Secondary action buttons
+- `BitwardenTextField` - Text input fields
+- `BitwardenPasswordField` - Password input with show/hide
+- `BitwardenSwitch` - Toggle switches
+- `BitwardenTopAppBar` - Toolbar/app bar
+- `BitwardenScaffold` - Screen container with scaffold
+- `BitwardenBasicDialog` - Simple dialogs
+- `BitwardenLoadingDialog` - Loading indicators
+
+**Component Discovery:**
+Search `ui/src/main/kotlin/com/bitwarden/ui/platform/components/` for existing `Bitwarden*` components. For build, test, and codebase discovery commands, use the **`build-test-verify`** skill.
+
+**When to Create New Reusable Components:**
+- Component used in 3+ places
+- Component needs consistent theming across app
+- Component has semantic meaning (accessibility)
+- Component has complex state management
+
+**New Component Requirements:**
+- Prefix with `Bitwarden`
+- Accept themed colors/styles from `BitwardenTheme`
+- Include preview composables for testing
+- Support accessibility (content descriptions, semantics)
+
+**String Resources:**
+
+New strings belong in the `:ui` module: `ui/src/main/res/values/strings.xml`
+
+- Use typographic apostrophes and quotes to avoid escape characters: `you’ll` not `you\'ll`, `“word”` not `\"word\"`
+- Reference strings via generated `BitwardenString` resource IDs
+- Do not add strings to other modules unless explicitly instructed
+
+---
+
+### F. Security Patterns
+
+**Encrypted vs Unencrypted Storage:**
+
+**Template**: See [Security templates](templates.md#security-templates)
+
+**Pattern Summary:**
+```kotlin
+class ExampleDiskSourceImpl(
+    @EncryptedPreferences encryptedSharedPreferences: SharedPreferences,
+    @UnencryptedPreferences sharedPreferences: SharedPreferences,
+) : BaseEncryptedDiskSource(
+    encryptedSharedPreferences = encryptedSharedPreferences,
+    sharedPreferences = sharedPreferences,
+),
+    ExampleDiskSource {
+    fun storeAuthToken(token: String) {
+        putEncryptedString(KEY_TOKEN, token)  // Sensitive — uses base class method
+    }
+
+    fun storeThemePreference(isDark: Boolean) {
+        putBoolean(KEY_THEME, isDark)  // Non-sensitive — uses base class method
+    }
+}
+```
+
+**Android Keystore (Biometric Keys):**
+- User-scoped encryption keys: `BiometricsEncryptionManager`
+- Keys stored in Android Keystore (hardware-backed when available)
+- Integrity validation on biometric state changes
+
+**Input Validation:**
+```kotlin
+// Validation returns boolean, NEVER throws
+interface RequestValidator {
+    fun validate(request: Request): Boolean
+}
+
+// Sanitization removes dangerous content
+fun String?.sanitizeTotpUri(issuer: String?, username: String?): String? {
+    if (this.isNullOrBlank()) return null
+    // Sanitize and return safe value
+}
+```
+
+**Security Checklist:**
+- ✅ Use `@EncryptedPreferences` for credentials, keys, tokens
+- ✅ Use `@UnencryptedPreferences` for UI state, preferences
+- ✅ Use `@IgnoredOnParcel` for sensitive ViewModel state
+- ❌ **NEVER** log sensitive data (passwords, tokens, vault items)
+- ✅ Validate all user input before processing
+- ✅ Use Timber for non-sensitive logging only
+
+---
+
+### G. Testing Patterns
+
+**ViewModel Testing:**
+
+**Template**: See [Testing templates](templates.md#testing-templates)
+
+**Pattern Summary:**
+```kotlin
+class ExampleViewModelTest : BaseViewModelTest() {
+    private val mockRepository: ExampleRepository = mockk()
+
+    @Test
+    fun `ButtonClick should fetch data and update state`() = runTest {
+        val expectedResult = ExampleResult.Success(data = "test")
+        coEvery { mockRepository.fetchData(any()) } returns expectedResult
+
+        val viewModel = createViewModel()
+        viewModel.trySendAction(ExampleAction.ButtonClick)
+
+        viewModel.stateFlow.test {
+            assertEquals(EXPECTED_STATE.copy(data = "test"), awaitItem())
+        }
+    }
+
+    private fun createViewModel(): ExampleViewModel = ExampleViewModel(
+        savedStateHandle = SavedStateHandle(mapOf(KEY_STATE to EXPECTED_STATE)),
+        repository = mockRepository,
+    )
+}
+```
+
+**Reference:** `app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/GeneratorViewModelTest.kt`
+
+**Key Testing Patterns:**
+- ✅ Extend `BaseViewModelTest` for proper dispatcher management
+- ✅ Use `runTest` from `kotlinx.coroutines.test`
+- ✅ Use Turbine's `.test { awaitItem() }` for Flow assertions
+- ✅ Use MockK: `coEvery` for suspend functions, `every` for sync
+- ✅ Test both state changes and event emissions
+- ✅ Test both success and failure Result paths
+
+**Flow Testing with Turbine:**
+```kotlin
+// Test state and events simultaneously
+viewModel.stateEventFlow(backgroundScope) { stateFlow, eventFlow ->
+    viewModel.trySendAction(ExampleAction.Submit)
+    assertEquals(ExpectedState.Loading, stateFlow.awaitItem())
+    assertEquals(ExampleEvent.ShowSuccess, eventFlow.awaitItem())
+}
+```
+
+**MockK Quick Reference:**
+```kotlin
+coEvery { repository.fetchData(any()) } returns Result.success("data")  // Suspend
+every { diskSource.getData() } returns "cached"  // Sync
+coVerify { repository.fetchData("123") }  // Verify
+```
+
+---
+
+### H. Clock/Time Handling
+
+All code needing current time must inject `Clock` for testability.
+
+**Key Requirements:**
+- ✅ Inject `Clock` via Hilt in ViewModels
+- ✅ Pass `Clock` as parameter in extension functions
+- ✅ Use `clock.instant()` to get current time
+- ❌ Never call `Instant.now()` or `DateTime.now()` directly
+- ❌ Never use `mockkStatic` for datetime classes in tests
+
+**Pattern Summary:**
+```kotlin
+// ViewModel with Clock
+class MyViewModel @Inject constructor(
+    private val clock: Clock,
+) {
+    val timestamp = clock.instant()
+}
+
+// Extension function with Clock parameter
+fun State.getTimestamp(clock: Clock): Instant =
+    existingTime ?: clock.instant()
+
+// Test with fixed clock
+val FIXED_CLOCK = Clock.fixed(
+    Instant.parse("2023-10-27T12:00:00Z"),
+    ZoneOffset.UTC,
+)
+```
+
+**Reference:**
+- `docs/STYLE_AND_BEST_PRACTICES.md` (see Time and Clock Handling section)
+- `core/src/main/kotlin/com/bitwarden/core/di/CoreModule.kt` (see `provideClock` function)
+
+**Critical Gotchas:**
+- ❌ `Instant.now()` creates hidden dependency, non-testable
+- ❌ `mockkStatic(Instant::class)` is fragile, can leak between tests
+- ✅ `Clock.fixed(...)` provides deterministic test behavior
+
+---
+
+## Bitwarden-Specific Anti-Patterns
+
+**General anti-patterns are documented in CLAUDE.md.** This section covers violations specific to Bitwarden's State-Action-Event, navigation, and data layer patterns:
+
+❌ **NEVER update ViewModel state directly in coroutines**
+- Post internal actions, update state synchronously in `handleAction()`
+
+❌ **NEVER inject `...Impl` classes**
+- Only inject interfaces via Hilt
+
+❌ **NEVER create navigation without `@Serializable` routes**
+- No string-based navigation, always type-safe
+
+❌ **NEVER use raw `Result<T>` in repositories**
+- Use domain-specific sealed classes for better error handling
+
+❌ **NEVER make state classes without `@Parcelize`**
+- All ViewModel state must survive process death
+
+❌ **NEVER skip `SavedStateHandle` persistence for ViewModels**
+- Users lose form progress on process death
+
+❌ **NEVER forget `@IgnoredOnParcel` for passwords/tokens**
+- Causes security vulnerability (sensitive data in parcel)
+
+❌ **NEVER use generic `Exception` catching**
+- Catch specific exceptions only (`RemoteException`, `IOException`)
+
+❌ **NEVER call `Instant.now()` or `DateTime.now()` directly**
+- Inject `Clock` via Hilt, use `clock.instant()` for testability
+
+---
+
+## Quick Reference
+
+For build, test, and codebase discovery commands, use the **`build-test-verify`** skill.
+
+**File Reference Format:**
+When pointing to specific code, use: `file_path:line_number`
+
+Example: `ui/src/main/kotlin/com/bitwarden/ui/platform/base/BaseViewModel.kt` (see `handleAction` method)
+

.claude/skills/implementing-android-code/templates.md

@@ -0,0 +1,636 @@
+# Code Templates - Bitwarden Android
+
+Copy-pasteable templates derived from actual codebase patterns. Replace `Example` with your feature name.
+
+---
+
+## ViewModel Template (State-Action-Event Pattern)
+
+**Based on**: `app/src/main/kotlin/com/x8bit/bitwarden/ui/auth/feature/login/LoginViewModel.kt`
+
+### State Class
+
+```kotlin
+@Parcelize
+data class ExampleState(
+    val isLoading: Boolean = false,
+    val data: String? = null,
+    @IgnoredOnParcel val sensitiveInput: String = "", // Sensitive data excluded from parcel
+    val dialogState: DialogState? = null,
+) : Parcelable {
+
+    /**
+     * Dialog states for the Example screen.
+     */
+    sealed class DialogState : Parcelable {
+        @Parcelize
+        data class Error(
+            val title: Text? = null,
+            val message: Text,
+            val error: Throwable? = null,
+        ) : DialogState()
+
+        @Parcelize
+        data class Loading(val message: Text) : DialogState()
+    }
+}
+```
+
+### Event Sealed Class
+
+```kotlin
+/**
+ * One-shot UI events for the Example screen.
+ */
+sealed class ExampleEvent {
+    data object NavigateBack : ExampleEvent()
+
+    data class ShowToast(val message: Text) : ExampleEvent()
+}
+```
+
+### Action Sealed Class (with Internal)
+
+```kotlin
+/**
+ * User and system actions for the Example screen.
+ */
+sealed class ExampleAction {
+    data object BackClick : ExampleAction()
+
+    data object SubmitClick : ExampleAction()
+
+    data class InputChanged(val input: String) : ExampleAction()
+
+    data object ErrorDialogDismiss : ExampleAction()
+
+    /**
+     * Internal actions dispatched by the ViewModel from coroutines.
+     */
+    sealed class Internal : ExampleAction() {
+        data class ReceiveDataState(
+            val dataState: DataState<ExampleData>,
+        ) : Internal()
+
+        data class ReceiveDataResult(
+            val result: ExampleResult,
+        ) : Internal()
+    }
+}
+```
+
+### ViewModel
+
+```kotlin
+private const val KEY_STATE = "state"
+
+/**
+ * ViewModel for the Example screen.
+ */
+@HiltViewModel
+class ExampleViewModel @Inject constructor(
+    savedStateHandle: SavedStateHandle,
+    private val exampleRepository: ExampleRepository,
+) : BaseViewModel<ExampleState, ExampleEvent, ExampleAction>(
+    initialState = savedStateHandle[KEY_STATE]
+        ?: run {
+            val args = savedStateHandle.toExampleArgs()
+            ExampleState(
+                data = args.itemId,
+            )
+        },
+) {
+
+    init {
+        // Persist state for process death recovery
+        stateFlow
+            .onEach { savedStateHandle[KEY_STATE] = it }
+            .launchIn(viewModelScope)
+
+        // Collect repository flows as internal actions
+        exampleRepository.dataFlow
+            .map { ExampleAction.Internal.ReceiveDataState(it) }
+            .onEach(::sendAction)
+            .launchIn(viewModelScope)
+    }
+
+    override fun handleAction(action: ExampleAction) {
+        when (action) {
+            ExampleAction.BackClick -> handleBackClick()
+            ExampleAction.SubmitClick -> handleSubmitClick()
+            ExampleAction.ErrorDialogDismiss -> handleErrorDialogDismiss()
+            is ExampleAction.InputChanged -> handleInputChanged(action)
+            is ExampleAction.Internal.ReceiveDataState -> {
+                handleReceiveDataState(action)
+            }
+            is ExampleAction.Internal.ReceiveDataResult -> {
+                handleReceiveDataResult(action)
+            }
+        }
+    }
+
+    private fun handleBackClick() {
+        sendEvent(ExampleEvent.NavigateBack)
+    }
+
+    private fun handleErrorDialogDismiss() {
+        mutableStateFlow.update { it.copy(dialogState = null) }
+    }
+
+    private fun handleSubmitClick() {
+        viewModelScope.launch {
+            val result = exampleRepository.submitData(state.data.orEmpty())
+            sendAction(ExampleAction.Internal.ReceiveDataResult(result))
+        }
+    }
+
+    private fun handleInputChanged(action: ExampleAction.InputChanged) {
+        mutableStateFlow.update { it.copy(sensitiveInput = action.input) }
+    }
+
+    private fun handleReceiveDataState(
+        action: ExampleAction.Internal.ReceiveDataState,
+    ) {
+        when (action.dataState) {
+            is DataState.Loaded -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        isLoading = false,
+                        data = action.dataState.data.toString(),
+                    )
+                }
+            }
+
+            is DataState.Loading -> {
+                mutableStateFlow.update { it.copy(isLoading = true) }
+            }
+
+            is DataState.Error -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        isLoading = false,
+                        dialogState = ExampleState.DialogState.Error(
+                            message = BitwardenString.generic_error_message.asText(),
+                            error = action.dataState.error,
+                        ),
+                    )
+                }
+            }
+
+            else -> Unit
+        }
+    }
+
+    private fun handleReceiveDataResult(
+        action: ExampleAction.Internal.ReceiveDataResult,
+    ) {
+        when (val result = action.result) {
+            is ExampleResult.Success -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        isLoading = false,
+                        data = result.data,
+                    )
+                }
+            }
+
+            is ExampleResult.Error -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        isLoading = false,
+                        dialogState = ExampleState.DialogState.Error(
+                            message = result.message?.asText()
+                                ?: BitwardenString.generic_error_message.asText(),
+                        ),
+                    )
+                }
+            }
+        }
+    }
+}
+```
+
+---
+
+## Navigation Template (Type-Safe Routes)
+
+**Based on**: `app/src/main/kotlin/com/x8bit/bitwarden/ui/auth/feature/login/LoginNavigation.kt`
+
+```kotlin
+@file:OmitFromCoverage
+
+package com.x8bit.bitwarden.ui.feature.example
+
+import androidx.lifecycle.SavedStateHandle
+import androidx.navigation.NavController
+import androidx.navigation.NavGraphBuilder
+import androidx.navigation.NavOptions
+import androidx.navigation.toRoute
+import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.ui.platform.base.util.composableWithSlideTransitions
+import kotlinx.serialization.Serializable
+
+/**
+ * Route for the Example screen.
+ */
+@Serializable
+@OmitFromCoverage
+data class ExampleRoute(
+    val itemId: String,
+    val isEditMode: Boolean = false,
+)
+
+/**
+ * Args extracted from [SavedStateHandle] for the Example screen.
+ */
+@OmitFromCoverage
+data class ExampleArgs(
+    val itemId: String,
+    val isEditMode: Boolean,
+)
+
+/**
+ * Extracts [ExampleArgs] from the [SavedStateHandle].
+ */
+fun SavedStateHandle.toExampleArgs(): ExampleArgs {
+    val route = this.toRoute<ExampleRoute>()
+    return ExampleArgs(
+        itemId = route.itemId,
+        isEditMode = route.isEditMode,
+    )
+}
+
+/**
+ * Navigate to the Example screen.
+ */
+fun NavController.navigateToExample(
+    itemId: String,
+    isEditMode: Boolean = false,
+    navOptions: NavOptions? = null,
+) {
+    this.navigate(
+        route = ExampleRoute(
+            itemId = itemId,
+            isEditMode = isEditMode,
+        ),
+        navOptions = navOptions,
+    )
+}
+
+/**
+ * Add the Example screen destination to the navigation graph.
+ */
+fun NavGraphBuilder.exampleDestination(
+    onNavigateBack: () -> Unit,
+) {
+    composableWithSlideTransitions<ExampleRoute> {
+        ExampleScreen(
+            onNavigateBack = onNavigateBack,
+        )
+    }
+}
+```
+
+---
+
+## Screen/Compose Template
+
+**Based on**: `app/src/main/kotlin/com/x8bit/bitwarden/ui/auth/feature/login/LoginScreen.kt`
+
+```kotlin
+package com.x8bit.bitwarden.ui.feature.example
+
+import androidx.compose.foundation.layout.fillMaxSize
+import androidx.compose.material3.ExperimentalMaterial3Api
+import androidx.compose.material3.TopAppBarDefaults
+import androidx.compose.material3.rememberTopAppBarState
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.remember
+import androidx.compose.ui.Modifier
+import androidx.compose.ui.input.nestedscroll.nestedScroll
+import androidx.compose.ui.res.stringResource
+import androidx.hilt.lifecycle.viewmodel.compose.hiltViewModel
+import androidx.lifecycle.compose.collectAsStateWithLifecycle
+import com.bitwarden.ui.platform.base.util.EventsEffect
+import com.bitwarden.ui.platform.components.appbar.BitwardenTopAppBar
+import com.bitwarden.ui.platform.components.scaffold.BitwardenScaffold
+import com.bitwarden.ui.platform.components.util.rememberVectorPainter
+import com.bitwarden.ui.platform.resource.BitwardenDrawable
+import com.bitwarden.ui.platform.resource.BitwardenString
+
+/**
+ * The Example screen.
+ */
+@OptIn(ExperimentalMaterial3Api::class)
+@Composable
+fun ExampleScreen(
+    onNavigateBack: () -> Unit,
+    viewModel: ExampleViewModel = hiltViewModel(),
+) {
+    val state by viewModel.stateFlow.collectAsStateWithLifecycle()
+
+    EventsEffect(viewModel = viewModel) { event ->
+        when (event) {
+            ExampleEvent.NavigateBack -> onNavigateBack()
+            is ExampleEvent.ShowToast -> {
+                // Handle toast
+            }
+        }
+    }
+
+    // Dialogs
+    ExampleDialogs(
+        dialogState = state.dialogState,
+        onDismissRequest = { viewModel.trySendAction(ExampleAction.ErrorDialogDismiss) },
+    )
+
+    val scrollBehavior = TopAppBarDefaults.pinnedScrollBehavior(rememberTopAppBarState())
+    BitwardenScaffold(
+        modifier = Modifier
+            .fillMaxSize()
+            .nestedScroll(scrollBehavior.nestedScrollConnection),
+        topBar = {
+            BitwardenTopAppBar(
+                title = stringResource(id = BitwardenString.example),
+                scrollBehavior = scrollBehavior,
+                navigationIcon = rememberVectorPainter(id = BitwardenDrawable.ic_back),
+                onNavigationIconClick = { viewModel.trySendAction(ExampleAction.BackClick) },
+            )
+        },
+    ) {
+        ExampleScreenContent(
+            state = state,
+            onInputChanged = { viewModel.trySendAction(ExampleAction.InputChanged(it)) },
+            onSubmitClick = { viewModel.trySendAction(ExampleAction.SubmitClick) },
+            modifier = Modifier
+                .fillMaxSize(),
+        )
+    }
+}
+```
+
+---
+
+## Data Layer Template (Repository + Hilt Module)
+
+**Based on**: `app/src/main/kotlin/com/x8bit/bitwarden/data/tools/generator/repository/di/GeneratorRepositoryModule.kt`
+
+### Interface
+
+```kotlin
+/**
+ * Provides data operations for the Example feature.
+ */
+interface ExampleRepository {
+    /**
+     * Submits data and returns a typed result.
+     */
+    suspend fun submitData(input: String): ExampleResult
+
+    /**
+     * Continuously observed data stream.
+     */
+    val dataFlow: StateFlow<DataState<ExampleData>>
+}
+```
+
+### Sealed Result Class
+
+```kotlin
+/**
+ * Domain-specific result for Example operations.
+ */
+sealed class ExampleResult {
+    data class Success(val data: String) : ExampleResult()
+    data class Error(val message: String?) : ExampleResult()
+}
+```
+
+### Implementation
+
+```kotlin
+/**
+ * Default implementation of [ExampleRepository].
+ */
+class ExampleRepositoryImpl(
+    private val exampleDiskSource: ExampleDiskSource,
+    private val exampleService: ExampleService,
+    private val dispatcherManager: DispatcherManager,
+) : ExampleRepository {
+
+    override val dataFlow: StateFlow<DataState<ExampleData>>
+        get() = // ...
+
+    override suspend fun submitData(input: String): ExampleResult {
+        return exampleService
+            .postData(input)
+            .fold(
+                onSuccess = { ExampleResult.Success(it.toModel()) },
+                onFailure = { ExampleResult.Error(it.message) },
+            )
+    }
+}
+```
+
+### Hilt Module
+
+```kotlin
+@Module
+@InstallIn(SingletonComponent::class)
+object ExampleRepositoryModule {
+
+    @Provides
+    @Singleton
+    fun provideExampleRepository(
+        exampleDiskSource: ExampleDiskSource,
+        exampleService: ExampleService,
+        dispatcherManager: DispatcherManager,
+    ): ExampleRepository = ExampleRepositoryImpl(
+        exampleDiskSource = exampleDiskSource,
+        exampleService = exampleService,
+        dispatcherManager = dispatcherManager,
+    )
+}
+```
+
+---
+
+## Security Templates
+
+**Based on**: `app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/di/AuthDiskModule.kt` and `AuthDiskSourceImpl.kt`
+
+### Encrypted Disk Source (Module)
+
+```kotlin
+@Module
+@InstallIn(SingletonComponent::class)
+object ExampleDiskModule {
+
+    @Provides
+    @Singleton
+    fun provideExampleDiskSource(
+        @EncryptedPreferences encryptedSharedPreferences: SharedPreferences,
+        @UnencryptedPreferences sharedPreferences: SharedPreferences,
+        json: Json,
+    ): ExampleDiskSource = ExampleDiskSourceImpl(
+        encryptedSharedPreferences = encryptedSharedPreferences,
+        sharedPreferences = sharedPreferences,
+        json = json,
+    )
+}
+```
+
+### Encrypted Disk Source (Implementation)
+
+```kotlin
+/**
+ * Disk source for Example data using encrypted and unencrypted storage.
+ */
+class ExampleDiskSourceImpl(
+    encryptedSharedPreferences: SharedPreferences,
+    sharedPreferences: SharedPreferences,
+    private val json: Json,
+) : BaseEncryptedDiskSource(
+    encryptedSharedPreferences = encryptedSharedPreferences,
+    sharedPreferences = sharedPreferences,
+),
+    ExampleDiskSource {
+
+    private companion object {
+        const val ENCRYPTED_TOKEN_KEY = "exampleToken"
+        const val UNENCRYPTED_PREF_KEY = "examplePreference"
+    }
+
+    override var authToken: String?
+        get() = getEncryptedString(ENCRYPTED_TOKEN_KEY)
+        set(value) { putEncryptedString(ENCRYPTED_TOKEN_KEY, value) }
+
+    override var uiPreference: Boolean
+        get() = getBoolean(UNENCRYPTED_PREF_KEY) ?: false
+        set(value) { putBoolean(UNENCRYPTED_PREF_KEY, value) }
+}
+```
+
+---
+
+## Testing Templates
+
+**Based on**: `app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/GeneratorViewModelTest.kt`
+
+### ViewModel Test
+
+```kotlin
+class ExampleViewModelTest : BaseViewModelTest() {
+
+    // Mock dependencies
+    private val mockRepository = mockk<ExampleRepository>()
+    private val mutableDataFlow = MutableStateFlow<DataState<ExampleData>>(DataState.Loading)
+
+    @BeforeEach
+    fun setup() {
+        every { mockRepository.dataFlow } returns mutableDataFlow
+    }
+
+    @Test
+    fun `initial state should be correct when there is no saved state`() {
+        val viewModel = createViewModel(state = null)
+        assertEquals(DEFAULT_STATE, viewModel.stateFlow.value)
+    }
+
+    @Test
+    fun `initial state should be correct when there is a saved state`() {
+        val savedState = DEFAULT_STATE.copy(data = "saved")
+        val viewModel = createViewModel(state = savedState)
+        assertEquals(savedState, viewModel.stateFlow.value)
+    }
+
+    @Test
+    fun `SubmitClick should call repository and update state on success`() = runTest {
+        val expected = ExampleResult.Success(data = "result")
+        coEvery { mockRepository.submitData(any()) } returns expected
+
+        val viewModel = createViewModel()
+        viewModel.stateFlow.test {
+            // Initial state
+            assertEquals(DEFAULT_STATE, awaitItem())
+
+            viewModel.trySendAction(ExampleAction.SubmitClick)
+
+            // Updated state after result
+            assertEquals(
+                DEFAULT_STATE.copy(data = "result", isLoading = false),
+                awaitItem(),
+            )
+        }
+    }
+
+    @Test
+    fun `SubmitClick should show error dialog on failure`() = runTest {
+        val expected = ExampleResult.Error(message = "Network error")
+        coEvery { mockRepository.submitData(any()) } returns expected
+
+        val viewModel = createViewModel()
+        viewModel.stateFlow.test {
+            assertEquals(DEFAULT_STATE, awaitItem())
+
+            viewModel.trySendAction(ExampleAction.SubmitClick)
+
+            val errorState = awaitItem()
+            assertTrue(errorState.dialogState is ExampleState.DialogState.Error)
+        }
+    }
+
+    @Test
+    fun `BackClick should emit NavigateBack event`() = runTest {
+        val viewModel = createViewModel()
+        viewModel.eventFlow.test {
+            viewModel.trySendAction(ExampleAction.BackClick)
+            assertEquals(ExampleEvent.NavigateBack, awaitItem())
+        }
+    }
+
+    // Helper to create ViewModel with optional saved state
+    private fun createViewModel(
+        state: ExampleState? = DEFAULT_STATE,
+    ): ExampleViewModel = ExampleViewModel(
+        savedStateHandle = SavedStateHandle(
+            mapOf(KEY_STATE to state),
+        ),
+        exampleRepository = mockRepository,
+    )
+
+    companion object {
+        private val DEFAULT_STATE = ExampleState(
+            isLoading = false,
+            data = null,
+        )
+    }
+}
+```
+
+### Flow Testing with stateEventFlow
+
+```kotlin
+@Test
+fun `SubmitClick should update state and emit event`() = runTest {
+    coEvery { mockRepository.submitData(any()) } returns ExampleResult.Success("data")
+
+    val viewModel = createViewModel()
+    viewModel.stateEventFlow(backgroundScope) { stateFlow, eventFlow ->
+        viewModel.trySendAction(ExampleAction.SubmitClick)
+
+        // Assert state change
+        assertEquals(
+            DEFAULT_STATE.copy(data = "data"),
+            stateFlow.awaitItem(),
+        )
+
+        // Assert event emission
+        assertEquals(
+            ExampleEvent.ShowToast("Success".asText()),
+            eventFlow.awaitItem(),
+        )
+    }
+}
+```

.claude/skills/labeling-android-changes/SKILL.md

@@ -0,0 +1,40 @@
+---
+name: labeling-android-changes
+version: 0.1.0
+description: Conventional commit type keywords for PR titles and commit messages. Use when determining the change type for commits or PRs. Triggered by "what type", "label", "change type", "conventional commit", "t: label".
+---
+
+# Labeling Changes
+
+PR titles and commit messages must include a conventional commit type keyword. This keyword drives automatic `t:` label assignment via CI (`.github/workflows/sdlc-label-pr.yml`).
+
+## Format
+
+The type keyword appears after the Jira ticket prefix:
+
+```
+[PM-XXXXX] <type>: <imperative summary>
+```
+
+## Type Keywords
+
+| Type | Label | Use for |
+|------|-------|---------|
+| `feat` | `t:feature` | New features or functionality |
+| `fix` | `t:bug` | Bug fixes |
+| `refactor` | `t:tech-debt` | Code restructuring without behavior change |
+| `chore` | `t:tech-debt` | Maintenance, cleanup, minor tweaks |
+| `test` | `t:tech-debt` | Adding or updating tests |
+| `perf` | `t:tech-debt` | Performance improvements |
+| `docs` | `t:docs` | Documentation changes |
+| `ci` / `build` | `t:ci` | CI/CD and build system changes |
+| `deps` | `t:deps` | Dependency updates |
+| `llm` | `t:llm` | LLM/Claude configuration changes |
+| `breaking` | `t:breaking-change` | Breaking changes requiring migration |
+| `misc` | `t:misc` | Changes that do not fit other categories |
+
+## Selecting a Type
+
+Infer the type from the task description and changes made. **If the type cannot be confidently determined, ask the user.**
+
+The CI labeling script matches `<type>:` or `<type>(` in the lowercased PR title, so the keyword must be followed by a colon or parenthesis. CI also accepts additional aliases (e.g., `revert`, `bugfix`, `cleanup`). See `.github/label-pr.json` for the full mapping.

.claude/skills/perform-android-preflight-checklist/SKILL.md

@@ -0,0 +1,37 @@
+---
+name: perform-android-preflight-checklist
+version: 0.1.0
+description: Quality gate checklist to run before committing or creating a PR. Use when finishing implementation, checking work quality, or preparing to commit. Triggered by "self review", "check my work", "ready to commit", "done implementing", "review checklist", "quality check".
+---
+
+# Self-Review Checklist
+
+Run through this checklist before committing or opening a PR.
+
+## Tests
+- [ ] Tests pass with correct flavor: `./gradlew app:testStandardDebugUnitTest`
+- [ ] New code has corresponding test coverage
+- [ ] Tests for affected modules also pass (`:core:test`, `:data:test`, etc.)
+
+## Code Quality
+- [ ] Lint/detekt clean: `./gradlew detekt`
+- [ ] No unintended file changes (`git diff` review)
+- [ ] KDoc on all new public APIs
+- [ ] No TODO comments left behind (or they reference a ticket)
+
+## Security
+- [ ] No plaintext keys, tokens, or secrets in code
+- [ ] User input validated before processing
+- [ ] Sensitive data uses encrypted storage patterns
+- [ ] No logging of sensitive data (passwords, keys, tokens)
+
+## Bitwarden Patterns
+- [ ] String resources in `:ui` module with typographic quotes
+- [ ] Navigation route is `@Serializable` and registered in graph
+- [ ] New implementations have Hilt `@Binds` or `@Provides` in a module
+- [ ] ViewModel extends `BaseViewModel<S, E, A>` with proper state persistence
+- [ ] Async results mapped through internal actions (not direct state updates)
+
+## Files
+- [ ] No accidental `.idea/`, build output, or generated files staged
+- [ ] No credential files or `.env` files included

.claude/skills/planning-android-implementation/SKILL.md

@@ -0,0 +1,191 @@
+---
+name: planning-android-implementation
+version: 0.1.0
+description: Architecture design and phased implementation planning for Bitwarden Android. Use when planning implementation, designing architecture, creating file inventories, or breaking features into phases. Triggered by "plan implementation", "architecture design", "implementation plan", "break this into phases", "what files do I need", "design the architecture".
+---
+
+# Implementation Planning
+
+This skill takes a refined specification (ideally from the `refining-android-requirements` skill) and produces a phased implementation plan with architecture design, file inventory, and risk assessment.
+
+**Prerequisite**: A clear set of requirements. If requirements are vague or incomplete, invoke the `refining-android-requirements` skill first.
+
+---
+
+## Step 1: Classify Change
+
+Determine the change type to guide scope and planning depth:
+
+| Type | Description | Typical Scope |
+|------|-------------|---------------|
+| **New Feature** | Entirely new functionality, screens, or flows | New files + modifications, multi-phase |
+| **Enhancement** | Extending existing feature with new capabilities | Mostly modifications, 1-2 phases |
+| **Bug Fix** | Correcting incorrect behavior | Targeted modifications, single phase |
+| **Refactoring** | Restructuring without behavior change | Modifications only, migration-aware |
+| **Infrastructure** | Build, CI, tooling, or dependency changes | Config files, minimal code changes |
+
+State the classification and rationale before proceeding.
+
+---
+
+## Step 2: Codebase Exploration
+
+Search the codebase to find reference implementations and integration points. Use the discovery commands from the `build-test-verify` skill as needed.
+
+### Find Pattern Anchors
+
+Identify 2-3 existing files that serve as templates for the planned work:
+
+```
+**Pattern Anchors:**
+1. [file path] — [why this is a good reference]
+2. [file path] — [why this is a good reference]
+3. [file path] — [why this is a good reference]
+```
+
+### Map Integration Points
+
+Identify files that must be modified to integrate the new work:
+
+- **Navigation**: Nav graph registrations, route definitions
+- **Dependency Injection**: Hilt modules, `@Provides` / `@Binds` functions
+- **Data Layer**: Repository interfaces, data source interfaces, Room DAOs
+- **API Layer**: Retrofit service interfaces, request/response models
+- **Feature Flags**: Feature flag definitions and checks
+- **Managers**: Single-responsibility data layer classes (see `docs/ARCHITECTURE.md` Managers section)
+- **Test Fixtures**: Shared test utilities in `src/testFixtures/` directories
+- **Product Flavor Source Sets**: Code in `src/standard/` vs `src/main/` for Play Services dependencies
+
+### Document Existing Patterns
+
+Note the specific patterns used by the pattern anchors:
+- State class structure (sealed class, data class fields)
+- Action/Event naming conventions
+- Repository method signatures and return types
+- Test structure and assertion patterns
+
+---
+
+## Step 3: Architecture Design
+
+Produce an ASCII diagram showing component relationships for the planned work:
+
+```
+┌─────────────────┐
+│   Screen        │ ← Compose UI
+│  (Composable)   │
+└────────┬────────┘
+         │ State / Action / Event
+┌────────▼────────┐
+│   ViewModel     │ ← Business logic orchestration
+└────────┬────────┘
+         │ Repository calls
+┌────────▼────────┐
+│   Repository    │ ← Data coordination (sealed class results)
+└───┬────┬────┬───┘
+    │    │    │
+┌───▼───┐ │ ┌─▼──────┐
+│Manager│ │ │Manager │ ← Single-responsibility (optional)
+└───┬───┘ │ └─┬──────┘
+    │     │   │
+┌───▼─────▼───▼────┐
+│   Data Sources   │ ← Raw data (Result<T>, never throw)
+└─┬────┬────┬──────┘
+  │    │    │
+ Room Retrofit SDK
+```
+
+Adapt the diagram to show the actual components planned. _Consult `docs/ARCHITECTURE.md` for full data layer patterns and conventions._
+
+### Design Decisions
+
+Document key architectural decisions in a table:
+
+| Decision | Resolution | Rationale |
+|----------|-----------|-----------|
+| [What needed deciding] | [What was chosen] | [Why] |
+
+---
+
+## Step 4: File Inventory
+
+### Files to Create
+
+| File Path | Type | Pattern Reference |
+|-----------|------|-------------------|
+| [full path] | [ViewModel / Screen / Repository / etc.] | [pattern anchor file] |
+
+**Include in file inventory:**
+- `...Navigation.kt` files for new screens
+- `...Module.kt` Hilt module files for new DI bindings
+- Paired test files (`...Test.kt`) for each new class
+
+### Files to Modify
+
+| File Path | Change Description | Risk Level |
+|-----------|-------------------|------------|
+| [full path] | [what changes] | Low / Medium / High |
+
+**Risk levels:**
+- **Low**: Additive changes (new entries in nav graph, new bindings in Hilt module)
+- **Medium**: Modifying existing logic (adding parameters, new branches)
+- **High**: Changing interfaces, data models, or shared utilities
+
+---
+
+## Step 5: Implementation Phases
+
+Break the work into sequential phases. Each phase should be independently testable and committable.
+
+**Phase ordering principle**: Foundation → SDK/Data → Network → UI (tests accompany each phase)
+
+For each phase:
+
+```markdown
+### Phase N: [Name]
+
+**Goal**: [What this phase accomplishes]
+
+**Files**:
+- Create: [list]
+- Modify: [list]
+
+**Tasks**:
+1. [Specific implementation task]
+2. [Specific implementation task]
+3. ...
+
+**Verification**:
+- [Test command or manual verification step]
+
+**Skills**: [Which workflow skills apply — e.g., `implementing-android-code`, `testing-android-code`]
+```
+
+### Phase Guidelines
+
+- Each phase should be small enough to be independently testable and committable
+- Tests are written within the same phase as the code they verify (not deferred to a "testing phase")
+- UI phases come after their data dependencies are in place
+- If a phase has more than 5 tasks, consider splitting it
+
+---
+
+## Step 6: Risk & Verification
+
+### Risk Assessment
+
+| Risk | Likelihood | Impact | Mitigation |
+|------|-----------|--------|------------|
+| [What could go wrong] | Low/Med/High | Low/Med/High | [How to prevent or handle] |
+
+### Verification Plan
+
+**Automated Verification:**
+- Unit test commands (from `build-test-verify` skill)
+- Lint/detekt commands
+- Build verification
+
+**Manual Verification:**
+- [Specific manual test scenarios]
+- [Edge cases to manually verify]
+- Verify ViewModel state survives process death (test via `SavedStateHandle` persistence and `Don't keep activities` developer option)

.claude/skills/refining-android-requirements/SKILL.md

@@ -0,0 +1,181 @@
+---
+name: refining-android-requirements
+version: 0.1.0
+description: Requirements gap analysis and structured specification for Bitwarden Android. Use when refining requirements, analyzing specs, identifying gaps, or producing structured specifications from tickets or descriptions. Triggered by "refine requirements", "gap analysis", "spec review", "requirements analysis", "what's missing from this spec", "analyze this ticket".
+---
+
+# Requirements Refinement
+
+This skill takes raw requirements (from Jira tickets, Confluence pages, or free-text descriptions) and produces a structured, implementation-ready specification through systematic gap analysis.
+
+**Key principle**: This skill identifies gaps and produces specifications. It does NOT propose solutions or architecture — that is the responsibility of the `planning-android-implementation` skill.
+
+---
+
+## Step 1: Source Consolidation
+
+Combine all input sources into a single working document. For each requirement, note its source:
+
+```
+- [Source: PM-12345] User must be able to configure timeout
+- [Source: Confluence] Timeout range is 1-60 minutes
+- [Source: User] Default timeout should be 15 minutes
+```
+
+Flag any contradictions between sources for immediate resolution.
+
+---
+
+## Step 2: Gap Analysis
+
+Evaluate the consolidated requirements against the following 5-category rubric. For each category, check every item and note whether it is **covered**, **partially covered**, or **missing**.
+
+### A. Functional Requirements
+
+| Check | Question to Ask If Missing |
+|-------|---------------------------|
+| User actions defined? | What specific user actions trigger this feature? |
+| All states covered? (empty, loading, error, success) | What should the user see in [empty/loading/error] state? |
+| Edge cases identified? | What happens when [boundary condition]? |
+| Cancellation/back navigation flows? | Can the user cancel mid-flow? What happens to partial data? |
+| Input validation rules? | What are the valid ranges/formats for [input]? |
+| Success/failure criteria? | How does the user know the operation succeeded or failed? |
+| Offline behavior? | What happens if this is attempted offline? |
+
+### B. Technical Requirements
+
+| Check | Question to Ask If Missing |
+|-------|---------------------------|
+| Module scope identified? (`:app`, `:authenticator`, shared) | Which module(s) does this feature belong to? |
+| SDK dependencies? | Does this require Bitwarden SDK operations? Which ones? |
+| Data storage approach? (Room, DataStore, in-memory) | Where is the data for this feature persisted? |
+| Network API endpoints? | Which API endpoints are involved? Are they existing or new? |
+| Process death handling? | What state needs to survive process death? |
+| Migration requirements? | Does existing data need migration? |
+| Feature flag needed? | Should this be behind a feature flag for staged rollout? |
+| Product flavors (standard vs fdroid)? | Does this feature depend on Google Play Services? Available on F-Droid? |
+| Data layer tier? | Does this need a new Manager (single-responsibility) or only Repository/DataSource? Consult `docs/ARCHITECTURE.md` Data Layer section. |
+| Streaming vs discrete data? | Is data continuously observed (`DataState<T>` + `StateFlow`) or a one-shot operation (custom sealed class)? See `docs/ARCHITECTURE.md` Repositories section. |
+
+### C. Security Requirements
+
+| Check | Question to Ask If Missing |
+|-------|---------------------------|
+| Data sensitivity classified? | What sensitivity level does this data have? (vault-level, account-level, non-sensitive) |
+| Storage encryption required? | Must this data be encrypted at rest? Via SDK or Android Keystore? |
+| Logout cleanup behavior? | What must be cleared when the user logs out? |
+| Auth-gating? | Does accessing this feature require active authentication? |
+| Input sanitization? | Are there URL or credential inputs that need validation? |
+| Sensitive data in ViewModel state? | Will passwords, tokens, or keys appear in state? Must use `@IgnoredOnParcel`. See `implementing-android-code` skill Section F. |
+| SDK crypto context isolation? | Does this use vault encryption? Must use `ScopedVaultSdkSource` for multi-account safety. See CLAUDE.md Security Rules. |
+
+### D. UX/UI Requirements
+
+| Check | Question to Ask If Missing |
+|-------|---------------------------|
+| UI copy/strings defined? | What text should appear for [label/button/message]? |
+| Error messages specified? | What should the error message say when [failure case]? |
+| Loading states designed? | Should loading show a spinner, skeleton, or shimmer? |
+| Navigation flow clear? | Where does the user go after [action]? Back stack behavior? |
+| Accessibility considerations? | Are there content descriptions or focus order requirements? |
+| Toast/snackbar/dialog for feedback? | What feedback mechanism for [action result]? |
+
+### E. Cross-Cutting Concerns
+
+| Check | Question to Ask If Missing |
+|-------|---------------------------|
+| Multi-account behavior? | How does this behave with multiple accounts? Per-account or global? |
+| Backwards compatibility? | Does this affect existing users? Migration path? |
+| Feature flag strategy? | Is this behind a server-side or local feature flag? |
+| Analytics/logging? | Are there analytics events to track? |
+| Bitwarden Authenticator impact? | Does this affect the `:authenticator` module? |
+| F-Droid compatibility? | Does this degrade gracefully without Google Play Services (no push notifications, no Play Integrity)? |
+
+---
+
+## Step 3: Present Gaps
+
+Organize all identified gaps into two categories:
+
+### Blocking Questions
+
+Questions that **must** be answered before implementation can begin because they change the architecture, data model, or core flow.
+
+Format each question as:
+
+```
+**G[N]** ([Category]) — [Question text]
+  Context: [Why this matters / what depends on the answer]
+```
+
+### Non-Blocking Questions
+
+Questions that have **reasonable defaults** and can be resolved during implementation. Note the assumed default.
+
+Format each question as:
+
+```
+**G[N]** ([Category]) — [Question text]
+  Default assumption: [What we'll assume if not answered]
+  Context: [Why this matters]
+```
+
+---
+
+## Step 4: Produce Specification
+
+After the user answers blocking questions (and optionally non-blocking ones), produce a structured specification:
+
+```markdown
+## Overview
+
+[1-2 paragraph summary of the feature, its purpose, and scope]
+
+## Functional Requirements
+
+| ID | Requirement | Source | Notes |
+|----|------------|--------|-------|
+| FR1 | [requirement] | [source] | [any notes] |
+| FR2 | ... | ... | ... |
+
+## Technical Requirements
+
+| ID | Requirement | Source | Notes |
+|----|------------|--------|-------|
+| TR1 | [requirement] | [source] | [any notes] |
+| TR2 | ... | ... | ... |
+
+## Security Requirements
+
+| ID | Requirement | Source | Notes |
+|----|------------|--------|-------|
+| SR1 | [requirement] | [source] | [any notes] |
+
+## UX Requirements
+
+| ID | Requirement | Source | Notes |
+|----|------------|--------|-------|
+| UX1 | [requirement] | [source] | [any notes] |
+
+## Open Items
+
+Non-blocking items with assumed defaults that may be revisited:
+
+| ID | Question | Assumed Default | Category |
+|----|----------|----------------|----------|
+| G[N] | [question] | [default] | [category] |
+
+## Source Documentation
+
+| Source | Type | Link |
+|--------|------|------|
+| [name] | Jira / Confluence / User-provided | [link if available] |
+```
+
+### Output Guidelines
+
+- Requirements use numbered IDs (FR1, TR1, SR1, UX1) for traceability through implementation
+- Each requirement cites its source (ticket, page, or user-provided)
+- Technical requirements use table format for structured key/value data
+- Interface signatures are included as fenced code blocks when applicable
+- Open items preserve the gap ID (G[N]) for cross-referencing

.claude/skills/reviewing-changes/SKILL.md

@@ -1,76 +1,39 @@
 ---
 name: reviewing-changes
-version: 2.0.0
-description: Comprehensive code reviews for Bitwarden Android. Detects change type (dependency update, bug fix, feature, UI, refactoring, infrastructure) and applies appropriate review depth. Validates MVVM patterns, Hilt DI, security requirements, and test coverage per project standards. Use when reviewing pull requests, checking commits, analyzing code changes, or evaluating architectural compliance.
+description: Android-specific code review checklist and MVVM/Compose pattern validation for Bitwarden Android — use this for any review task, even if the user doesn't explicitly ask for a "checklist". Detects change type automatically and loads the right review strategy (feature additions, bug fixes, UI refinements, refactoring, dependency updates, infrastructure). Triggered by "review PR", "review changes", "review this code", "check this code", "Android review", code review requests on Kotlin/ViewModel/Composable/Repository/Gradle files, or any time someone asks to look at a diff, PR, or code changes in bitwarden/android.
 ---
 
-# Reviewing Changes
+# Reviewing Changes - Android Additions
+
+This skill provides Android-specific workflow additions that complement the base `bitwarden-code-reviewer` agent standards.
 
 ## Instructions
 
-**IMPORTANT**: Use structured thinking throughout your review process. Plan your analysis in `<thinking>` tags before providing final feedback. This improves accuracy by 40% according to research.
+**IMPORTANT**: Work systematically through each step before providing feedback. Each checklist file includes structured thinking guidance for its review passes.
 
-### Step 1: Check for Existing Review Threads
+### Step 1: Retrieve Additional Details
 
-Always check for existing comment threads to avoid duplicate comments:
+Retrieve any additional information linked to the pull request using available tools (JIRA MCP, GitHub API).
 
-<thinking>
-Before creating any comments:
-1. Is this a fresh review or re-review of the same PR?
-2. What existing discussion might already exist?
-3. Which findings should update existing threads vs create new?
-</thinking>
+If pull request title and message do not provide enough context, request additional details from the reviewer:
+- Link a JIRA ticket
+- Associate a GitHub issue
+- Link to another pull request
+- Add more detail to the PR title or body
 
-**Thread Detection Procedure:**
+**Android metadata checks** — flag as ❓ if any of these are missing:
+- PR includes `*Screen.kt` or Composable changes but has no screenshots
+- PR adds new `ViewModel` or `Repository` but has no test plan or test file changes
 
-1. **Fetch existing comment count:**
-   ```bash
-   gh pr view <pr-number> --json comments --jq '.comments | length'
-   ```
+### Step 2: Detect Change Type with Android Refinements
 
-2. **If count = 0:** No existing threads. Skip to Step 2 (all comments will be new).
+Use the base change type detection from the agent, with Android-specific refinements:
 
-3. **If count > 0:** Fetch full comment data to check for existing threads.
-   ```bash
-   gh pr view <pr-number> --json comments --jq '.comments[] | {id, path, line, body}' > pr_comments.json
-   ```
-
-4. **Parse existing threads:** Extract file paths, line numbers, and issue summaries from previous review comments.
-   - Build map: `{file:line → {comment_id, issue_summary, resolved}}`
-   - Note which issues already have active discussions
-
-5. **Matching Strategy (Hybrid Approach):**
-   When you identify an issue to comment on:
-   - **Exact match:** Same file + same line number → existing thread found
-   - **Nearby match:** Same file + line within ±5 → existing thread found
-   - **No match:** Create new inline comment
-
-6. **Handling Evolved Issues:**
-   - **Issue persists unchanged:** Respond in existing thread with update
-   - **Issue resolved:** Note resolution in thread response (can mark as resolved if supported)
-   - **Issue changed significantly:** Resolve/close old thread, create new comment explaining evolution
-
-### Step 2: Detect Change Type
-
-<thinking>
-Analyze the changeset systematically:
-1. What files were modified? (code vs config vs docs)
-2. What is the PR/commit title indicating?
-3. Is there new functionality or just modifications?
-4. What's the risk level of these changes?
-</thinking>
-
-Analyze the changeset to determine the primary change type:
-
-**Detection Rules:**
-- **Dependency Update**: Only gradle files changed (`libs.versions.toml`, `build.gradle.kts`) with version number modifications
-- **Bug Fix**: PR/commit title contains "fix", "bug", or issue ID; addresses existing broken behavior
-- **Feature Addition**: New files, new ViewModels, significant new functionality
-- **UI Refinement**: Only UI/Compose files changed, layout/styling focus
-- **Refactoring**: Code restructuring without behavior change, pattern improvements
-- **Infrastructure**: CI/CD files, Gradle config, build scripts, tooling changes
-
-If changeset spans multiple types, use the most complex type's checklist.
+**Android-specific patterns:**
+- **Feature Addition**: New `ViewModel`, new `Repository`, new `@Composable` functions, new `*Screen.kt` files
+- **UI Refinement**: Changes only in `*Screen.kt`, `*Composable.kt`, `ui/` package files
+- **Infrastructure**: Changes to `.github/workflows/`, `gradle/`, `build.gradle.kts`, `libs.versions.toml`
+- **Dependency Update**: Changes only to `libs.versions.toml` or `build.gradle.kts` with version bumps
 
 ### Step 3: Load Appropriate Checklist
 
@@ -89,23 +52,15 @@ The checklist provides:
 - What to check and what to skip
 - Structured thinking guidance
 
-### Step 4: Execute Review with Structured Thinking
-
-<thinking>
-Before diving into details:
-1. What are the highest-risk areas of this change?
-2. Which architectural patterns need verification?
-3. What security implications exist?
-4. How should I prioritize my findings?
-5. What tone is appropriate for this feedback?
-</thinking>
+### Step 4: Execute Review Following Checklist
 
 Follow the checklist's multi-pass strategy, thinking through each pass systematically.
 
-### Step 5: Consult Reference Materials As Needed
+### Step 5: Consult Android Reference Materials As Needed
 
 Load reference files only when needed for specific questions:
 
+- **Re-reviews** → invoke `reviewing-incremental-changes` agent skill; scope to changed lines only, do not flag new issues in unchanged code
 - **Issue prioritization** → `reference/priority-framework.md` (Critical vs Suggested vs Optional)
 - **Phrasing feedback** → `reference/review-psychology.md` (questions vs commands, I-statements)
 - **Architecture questions** → `reference/architectural-patterns.md` (MVVM, Hilt DI, module org, error handling)
@@ -115,206 +70,11 @@ Load reference files only when needed for specific questions:
 - **UI questions** → `reference/ui-patterns.md` (Compose patterns, theming)
 - **Style questions** → `docs/STYLE_AND_BEST_PRACTICES.md`
 
-### Step 6: Document Findings
-
-## 🛑 STOP: Determine Output Format FIRST
-
-<thinking>
-Before writing ANY output, answer this critical question:
-1. Did I find ANY issues (Critical, Important, Suggested, or Questions)?
-2. If NO issues found → This is a CLEAN PR → Use 2-3 line minimal format and STOP
-3. If issues found → Use verdict + critical issues list + inline comments format
-4. NEVER create praise sections or elaborate on correct implementations
-</thinking>
-
-**Decision Tree:**
-
-```
-Do you have ANY issues to report (Critical/Important/Suggested/Questions)?
-│
-├─ NO → CLEAN PR
-│   └─ Use 2-3 line format:
-│       "**Overall Assessment:** APPROVE
-│        [One sentence describing what PR does well]"
-│   └─ STOP. Do not proceed to detailed format guidance.
-│
-└─ YES → PR WITH ISSUES
-    └─ Use minimal summary + inline comments:
-        "**Overall Assessment:** APPROVE / REQUEST CHANGES
-         **Critical Issues:**
-         - [issue with file:line]
-         See inline comments for details."
-```
-
-## Special Case: Clean PRs with No Issues
-
-When you find NO critical, important, or suggested issues:
-
-**Minimal Approval Format (REQUIRED):**
-```
-**Overall Assessment:** APPROVE
-
-[One sentence describing what the PR does well]
-```
-
-**Examples:**
-- "Clean refactoring following established patterns"
-- "Solid bug fix with comprehensive test coverage"
-- "Well-structured feature implementation meeting all standards"
-
-**NEVER do this for clean PRs:**
-- ❌ Multiple sections (Key Strengths, Changes, Code Quality, etc.)
-- ❌ Listing everything that was done correctly
-- ❌ Checkmarks for each file or pattern followed
-- ❌ Elaborate praise or detailed positive analysis
-- ❌ Tables, statistics, or detailed breakdowns
-
-**Why brevity matters:**
-- Respects developer time (quick approval = move forward faster)
-- Reduces noise in PR conversations
-- Saves tokens and processing time
-- Focuses attention on PRs that actually need discussion
-
-**If you're tempted to write more than 3 lines for a clean PR, STOP. You're doing it wrong.**
-
----
-
-<thinking>
-Before writing each comment:
-1. Is this issue Critical, Important, Suggested, or just Acknowledgment?
-2. Should I ask a question or provide direction?
-3. What's the rationale I need to explain?
-4. What code example would make this actionable?
-5. Is there a documentation reference to include?
-</thinking>
-
-**CRITICAL**: Use summary comment + inline comments approach.
-
-**Review Comment Structure**:
-- Create ONE summary comment with overall verdict + critical issues list
-- Create separate inline comment for EACH specific issue on the exact line with full details
-- Summary directs readers to inline comments ("See inline comments for details")
-- Do NOT duplicate issue details between summary and inline comments
-
-### CRITICAL: No Praise-Only Comments
-
-❌ **NEVER** create inline comments solely for positive feedback
-❌ **NEVER** create summary sections like "Strengths", "Good Practices", "What Went Well"
-❌ **NEVER** use inline comments to elaborate on correct implementations
-
-Focus exclusively on actionable feedback. Reserve comments for issues requiring attention.
-
-**Inline Comment Format** (REQUIRED: Use `<details>` Tags):
-
-**MUST use `<details>` tags for ALL inline comments.** Only severity + one-line description should be visible; all other content must be collapsed.
-
-```
-[emoji] **[SEVERITY]**: [One-line issue description]
-
-<details>
-<summary>Details and fix</summary>
-
-[Code example or specific fix]
-
-[Rationale explaining why]
-
-Reference: [docs link if applicable]
-</details>
-```
-
-**Visibility Rule:**
-- **Visible:** Severity prefix (emoji + text) + one-line description
-- **Collapsed in `<details>`:** Code examples, rationale, explanations, references
-
-**Example inline comment**:
-```
-⚠️ **CRITICAL**: Exposes mutable state
-
-<details>
-<summary>Details and fix</summary>
-
-Change `MutableStateFlow<State>` to `StateFlow<State>`:
-
-\```kotlin
-private val _state = MutableStateFlow<State>()
-val state: StateFlow<State> = _state.asStateFlow()
-\```
-
-Exposing MutableStateFlow allows external mutation, violating MVVM unidirectional data flow.
-
-Reference: docs/ARCHITECTURE.md#mvvm-pattern
-</details>
-```
-
-**Summary Comment Format (REQUIRED - No Exceptions):**
-
-When you have issues to report, use this format ONLY:
-
-```
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary with file:line reference]
-
-See inline comments for all details.
-```
-
-**Maximum Length**: 5-10 lines total, regardless of PR size or complexity.
-
-**No exceptions for**:
-- ❌ Large PRs (10+ files)
-- ❌ Multiple issue domains
-- ❌ High-severity issues
-- ❌ Complex changes
-
-All details belong in inline comments with `<details>` tags, NOT in the summary.
-
-**Output Format Rules**:
-
-**What to Include:**
-- **Inline comments**: Create separate comment for EACH specific issue with full details in `<details>` tag
-- **Summary comment**: Overall assessment (APPROVE/REQUEST CHANGES) + list of CRITICAL issues only
-- **Severity levels** (hybrid emoji + text format):
-  - ⚠️ **CRITICAL** (blocking)
-  - 📋 **IMPORTANT** (should fix)
-  - 💡 **SUGGESTED** (nice to have)
-  - ❓ **QUESTION** (seeking clarification)
-
-**What to Exclude:**
-- **No duplication**: Never repeat inline comment details in the summary
-- **No Important/Suggested in summary**: Only CRITICAL blocking issues belong in summary
-- **No "Good Practices"/"Strengths" sections**: Never include positive commentary sections
-- **No "Action Items" section**: This duplicates inline comments - avoid entirely
-- **No verbose analysis**: Keep detailed analysis (compilation status, security review, rollback plans) in inline comments only
-
-### ❌ Common Anti-Patterns to Avoid
-
-**DO NOT:**
-- Create multiple summary sections (Strengths, Recommendations, Test Coverage Status, Architecture Compliance)
-- Duplicate critical issues in both summary and inline comments
-- Write elaborate descriptions in summary (details belong in inline comments)
-- Exceed 5-10 lines for simple PRs
-- Create inline comments that only provide praise
-
-**DO:**
-- Put verdict + critical issue list ONLY in summary
-- Put ALL details (explanations, code, rationale) in inline comments with `<details>` collapse
-- Keep summary to 5-10 lines maximum, regardless of PR size or your analysis depth
-- Focus comments exclusively on actionable issues
-
-**Visibility Guidelines:**
-- **Inline comments visible**: Severity + one-line description only
-- **Inline comments collapsed**: Code examples, rationale, references in `<details>` tag
-- **Summary visible**: Verdict + critical issues list only
-
-See `examples/review-outputs.md` for complete examples.
-
 ## Core Principles
 
-- **Minimal reviews for clean PRs**: 2-3 lines when no issues found (see Step 6 format guidance)
-- **Issues-focused feedback**: Only comment when there's something actionable; acknowledge good work briefly without elaboration (see priority-framework.md:145-166)
+- **Priority order**: Security → Correctness → Breaking Changes → Performance → Maintainability
 - **Appropriate depth**: Match review rigor to change complexity and risk
 - **Specific references**: Always use `file:line_number` format for precise location
 - **Actionable feedback**: Say what to do and why, not just what's wrong
-- **Constructive tone**: Ask questions for design decisions, explain rationale, focus on code not people
-- **Efficient reviews**: Use multi-pass strategy, time-box reviews, skip what's not relevant
+- **Efficient reviews**: Use multi-pass strategy, skip what's not relevant
+- **Android patterns**: Validate MVVM, Hilt DI, Compose conventions, Kotlin idioms

.claude/skills/reviewing-changes/checklists/bug-fix.md

@@ -4,15 +4,6 @@
 
 ### First Pass: Understand the Bug
 
-<thinking>
-Before evaluating the fix:
-1. What was the original bug/broken behavior?
-2. What is the expected correct behavior?
-3. What was the root cause?
-4. How was the bug discovered? (user report, test, production)
-5. What's the severity? (crash, data loss, UI glitch, minor annoyance)
-</thinking>
-
 **1. Understand root cause:**
 - What was the broken behavior?
 - What caused it?
@@ -29,15 +20,6 @@ Before evaluating the fix:
 
 ### Second Pass: Verify the Fix
 
-<thinking>
-Evaluate the fix systematically:
-1. Does this fix address the root cause or just symptoms?
-2. Are there edge cases not covered?
-3. Could this break other functionality?
-4. Is the fix localized or does it ripple through the codebase?
-5. How do we prevent this bug from returning?
-</thinking>
-
 **4. Code changes:**
 - Does the fix make sense?
 - Is it the simplest solution?
@@ -101,16 +83,7 @@ Use `reference/priority-framework.md` to classify findings as Critical/Important
 
 ## Output Format
 
-Follow the format guidance from `SKILL.md` Step 5 (concise summary with critical issues only, detailed inline comments with `<details>` tags).
-
-```markdown
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary of each critical blocking issue with file:line reference]
-
-See inline comments for all issue details.
-```
+See `examples/review-outputs.md` for the required output format and inline comment structure.
 
 ## Example Review
 

.claude/skills/reviewing-changes/checklists/dependency-update.md

@@ -4,15 +4,6 @@
 
 ### First Pass: Identify and Assess
 
-<thinking>
-Before diving into details:
-1. Which dependencies were updated?
-2. What are the version changes? (patch, minor, major)
-3. Are any security-sensitive libraries involved? (crypto, auth, networking)
-4. Any pre-release versions (alpha, beta, RC)?
-5. What's the blast radius if something breaks?
-</thinking>
-
 **1. Identify the change:**
 - Which library? Old version → New version?
 - Major (X.0.0), Minor (0.X.0), or Patch (0.0.X) version change?
@@ -25,15 +16,6 @@ Before diving into details:
 
 ### Second Pass: Deep Analysis
 
-<thinking>
-For each dependency update:
-1. What changes are in this release?
-2. Are there breaking changes?
-3. Are there security fixes?
-4. Do we use the affected APIs?
-5. How does this affect our codebase?
-</thinking>
-
 **3. Review release notes** (if available):
 - Breaking changes mentioned?
 - Security fixes included?
@@ -92,16 +74,7 @@ Use `reference/priority-framework.md` to classify findings as Critical/Important
 
 ## Output Format
 
-Follow the format guidance from `SKILL.md` Step 5 (concise summary with critical issues only, detailed inline comments with `<details>` tags).
-
-```markdown
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary of each critical blocking issue with file:line reference]
-
-See inline comments for all issue details.
-```
+See `examples/review-outputs.md` for the required output format and inline comment structure.
 
 ## Example Reviews
 

.claude/skills/reviewing-changes/checklists/feature-addition.md

@@ -4,15 +4,6 @@
 
 ### First Pass: High-Level Assessment
 
-<thinking>
-Before diving into details:
-1. What is this feature supposed to do?
-2. How does it fit into the existing architecture?
-3. What are the security implications?
-4. What's the scope? (files touched, modules affected)
-5. What are the highest-risk areas?
-</thinking>
-
 **1. Understand the feature:**
 - Read PR description - what problem does this solve?
 - Identify user-facing changes vs internal changes
@@ -30,15 +21,6 @@ Before diving into details:
 
 ### Second Pass: Architecture Deep-Dive
 
-<thinking>
-Verify architectural integrity:
-1. Does this follow MVVM + UDF pattern?
-2. Is Hilt DI used correctly?
-3. Is state management proper (StateFlow, immutability)?
-4. Are modules organized correctly?
-5. Is error handling robust (Result types)?
-</thinking>
-
 **4. MVVM + UDF Pattern Compliance:**
 - ViewModels properly structured?
 - State management using StateFlow?
@@ -60,15 +42,6 @@ Verify architectural integrity:
 
 ### Third Pass: Details and Quality
 
-<thinking>
-Check quality and completeness:
-1. Is code quality high? (null safety, documentation, naming)
-2. Are tests comprehensive? (unit + integration)
-3. Are there edge cases not covered?
-4. Is documentation clear?
-5. Are there any code smells or anti-patterns?
-</thinking>
-
 **8. Testing:**
 - Unit tests for ViewModels and repositories?
 - Test coverage for edge cases and error scenarios?
@@ -86,144 +59,13 @@ Check quality and completeness:
 
 ## Architecture Review
 
-### MVVM Pattern Compliance
+Read `reference/architectural-patterns.md` for full patterns and code examples.
 
-Read `reference/architectural-patterns.md` for detailed patterns.
-
-**ViewModels must:**
-- Use `@HiltViewModel` annotation
-- Use `@Inject constructor`
-- Expose `StateFlow<T>`, NOT `MutableStateFlow<T>` publicly
-- Delegate business logic to Repository/Manager
-- Avoid direct Android framework dependencies (except ViewModel, SavedStateHandle)
-
-**Common Violations:**
-```kotlin
-// ❌ BAD - Exposes mutable state
-class FeatureViewModel @Inject constructor() : ViewModel() {
-    val state: MutableStateFlow<State> = MutableStateFlow(State.Initial)
-}
-
-// ✅ GOOD - Exposes immutable state
-class FeatureViewModel @Inject constructor() : ViewModel() {
-    private val _state = MutableStateFlow<State>(State.Initial)
-    val state: StateFlow<State> = _state.asStateFlow()
-}
-
-// ❌ BAD - Business logic in ViewModel
-fun onSubmit() {
-    val encrypted = encryptionManager.encrypt(password) // Should be in Repository
-    _state.value = State.Success
-}
-
-// ✅ GOOD - Business logic in Repository, state updated via internal event
-fun onSubmit() {
-    viewModelScope.launch {
-        // The result of the async operation is captured
-        val result = repository.submitData(password)
-        // A single event is sent with the result, not updating state directly
-        sendAction(FeatureAction.Internal.SubmissionComplete(result))
-    }
-}
-
-// The ViewModel has a handler that processes the internal event
-private fun handleInternalAction(action: FeatureAction.Internal) {
-    when (action) {
-        is FeatureAction.Internal.SubmissionComplete -> {
-            // The event handler evaluates the result and updates state
-            action.result.fold(
-                onSuccess = { _state.value = State.Success },
-                onFailure = { _state.value = State.Error(it) }
-            )
-        }
-    }
-}
-```
-
-**UI Layer must:**
-- Only observe state, never modify
-- Pass user actions as events to ViewModel
-- Contain no business logic
-- Use existing UI components from `:ui` module where possible
-
-### Hilt Dependency Injection
-
-Reference: `docs/ARCHITECTURE.md#dependency-injection`
-
-**Required Patterns:**
-- ViewModels: `@HiltViewModel` + `@Inject constructor`
-- Repositories: `@Inject constructor` on implementation
-- Inject interfaces, not concrete implementations
-- Modules must provide proper scoping (`@Singleton`, `@ViewModelScoped`)
-
-**Common Violations:**
-```kotlin
-// ❌ BAD - Manual instantiation
-class FeatureViewModel : ViewModel() {
-    private val repository = FeatureRepositoryImpl()
-}
-
-// ✅ GOOD - Injected interface
-@HiltViewModel
-class FeatureViewModel @Inject constructor(
-    private val repository: FeatureRepository  // Interface, not implementation
-) : ViewModel()
-
-// ❌ BAD - Injecting implementation
-class FeatureViewModel @Inject constructor(
-    private val repository: FeatureRepositoryImpl  // Should inject interface
-)
-
-// ✅ GOOD - Interface injection
-class FeatureViewModel @Inject constructor(
-    private val repository: FeatureRepository  // Interface
-)
-```
-
-### Module Organization
-
-Reference: `docs/ARCHITECTURE.md#module-structure`
-
-**Correct Placement:**
-- `:core` - Shared utilities (cryptography, analytics, logging)
-- `:data` - Repositories, database, domain models
-- `:network` - API clients, network utilities
-- `:ui` - Reusable Compose components, theme
-- `:app` - Feature screens, ViewModels, navigation
-- `:authenticator` - Authenticator app (separate from password manager)
-
-**Check:**
-- UI code in `:ui` or `:app` modules
-- Data models in `:data`
-- Network clients in `:network`
-- No circular dependencies between modules
-
-### Error Handling
-
-Reference: `docs/ARCHITECTURE.md#error-handling`
-
-**Required Pattern - Use Result types:**
-```kotlin
-// ✅ GOOD - Result type
-suspend fun fetchData(): Result<Data> = runCatching {
-    apiService.getData()
-}
-
-// ViewModel handles Result
-repository.fetchData().fold(
-    onSuccess = { data -> _state.value = State.Success(data) },
-    onFailure = { error -> _state.value = State.Error(error) }
-)
-
-// ❌ BAD - Exception-based in business logic
-suspend fun fetchData(): Data {
-    try {
-        return apiService.getData()
-    } catch (e: Exception) {
-        throw FeatureException(e)  // Don't throw in business logic
-    }
-}
-```
+**Check these four areas:**
+- **MVVM/UDF**: ViewModel exposes `StateFlow` (not `MutableStateFlow`), business logic in Repository, UI is stateless
+- **Hilt DI**: `@HiltViewModel` + `@Inject constructor`, inject interfaces not implementations, no manual instantiation
+- **Module placement**: UI in `:ui`/`:app`, data in `:data`, network in `:network`, no circular dependencies
+- **Error handling**: `Result<T>` / `runCatching` throughout — no thrown exceptions from data layer
 
 ## Security Review
 
@@ -366,15 +208,4 @@ Use `reference/review-psychology.md` for phrasing guidance.
 
 ## Output Format
 
-Follow the format guidance from `SKILL.md` Step 5 (concise summary with critical issues only, detailed inline comments with `<details>` tags).
-
-See `examples/review-outputs.md` for comprehensive feature review example.
-
-```markdown
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary of each critical blocking issue with file:line reference]
-
-See inline comments for all issue details.
-```
+See `examples/review-outputs.md` for the required output format and inline comment structure.

.claude/skills/reviewing-changes/checklists/infrastructure.md

@@ -4,15 +4,6 @@
 
 ### First Pass: Understand the Change
 
-<thinking>
-Assess infrastructure change:
-1. What problem does this solve?
-2. Does this affect production builds, CI/CD, or dev workflow?
-3. What's the risk if this breaks?
-4. Can this be tested before merge?
-5. What's the rollback plan?
-</thinking>
-
 **1. Identify the goal:**
 - What problem does this solve?
 - Is this optimization, fix, or new capability?
@@ -30,15 +21,6 @@ Assess infrastructure change:
 
 ### Second Pass: Verify Implementation
 
-<thinking>
-Verify configuration and impact:
-1. Is the configuration syntax valid?
-2. Are secrets/credentials handled securely?
-3. What's the impact on build times and CI performance?
-4. How will this affect the team's workflow?
-5. Is there adequate testing/validation?
-</thinking>
-
 **4. Configuration correctness:**
 - Syntax valid?
 - References correct?
@@ -189,16 +171,7 @@ Use `reference/priority-framework.md` to classify findings as Critical/Important
 
 ## Output Format
 
-Follow the format guidance from `SKILL.md` Step 5 (concise summary with critical issues only, detailed inline comments with `<details>` tags).
-
-```markdown
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary of each critical blocking issue with file:line reference]
-
-See inline comments for all issue details.
-```
+See `examples/review-outputs.md` for the required output format and inline comment structure.
 
 ## Example Review
 

.claude/skills/reviewing-changes/checklists/refactoring.md

@@ -4,15 +4,6 @@
 
 ### First Pass: Understand the Refactoring
 
-<thinking>
-Analyze the refactoring scope:
-1. What pattern is being improved?
-2. Why is this refactoring needed?
-3. Does this change behavior or just structure?
-4. What's the scope? (files affected, migration completeness)
-5. What are the risks if something breaks?
-</thinking>
-
 **1. Understand the goal:**
 - What pattern is being improved?
 - Why is this refactoring needed?
@@ -30,15 +21,6 @@ Analyze the refactoring scope:
 
 ### Second Pass: Verify Consistency
 
-<thinking>
-Verify refactoring quality:
-1. Is the new pattern applied consistently throughout?
-2. Are there missed instances of the old pattern?
-3. Do tests still pass with same behavior?
-4. Is the migration complete or partial?
-5. Does this introduce any new issues?
-</thinking>
-
 **4. Pattern consistency:**
 - Is the new pattern applied consistently throughout?
 - Are there missed instances of the old pattern?
@@ -169,16 +151,7 @@ Use `reference/priority-framework.md` to classify findings as Critical/Important
 
 ## Output Format
 
-Follow the format guidance from `SKILL.md` Step 5 (concise summary with critical issues only, detailed inline comments with `<details>` tags).
-
-```markdown
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary of each critical blocking issue with file:line reference]
-
-See inline comments for all issue details.
-```
+See `examples/review-outputs.md` for the required output format and inline comment structure.
 
 ## Example Reviews
 

.claude/skills/reviewing-changes/checklists/ui-refinement.md

@@ -4,15 +4,6 @@
 
 ### First Pass: Visual Changes
 
-<thinking>
-Analyze the UI changes:
-1. What visual/UX problem is being solved?
-2. Are there designs or screenshots to reference?
-3. Is this affecting existing screens or new ones?
-4. What's the scope of visual changes?
-5. Are design tokens (colors, spacing, typography) being used correctly?
-</thinking>
-
 **1. Understand the changes:**
 - What visual/UX problem is being solved?
 - Are there designs or screenshots to reference?
@@ -25,15 +16,6 @@ Analyze the UI changes:
 
 ### Second Pass: Implementation Review
 
-<thinking>
-Check implementation quality:
-1. Are Compose best practices followed?
-2. Is state hoisting applied correctly?
-3. Are existing components reused where possible?
-4. Is accessibility properly handled?
-5. Does this follow design system patterns?
-</thinking>
-
 **3. Compose best practices:**
 - Composables properly structured?
 - State hoisted correctly?
@@ -187,16 +169,7 @@ Use `reference/priority-framework.md` to classify findings as Critical/Important
 
 ## Output Format
 
-Follow the format guidance from `SKILL.md` Step 5 (concise summary with critical issues only, detailed inline comments with `<details>` tags).
-
-```markdown
-**Overall Assessment:** APPROVE / REQUEST CHANGES
-
-**Critical Issues** (if any):
-- [One-line summary of each critical blocking issue with file:line reference]
-
-See inline comments for all issue details.
-```
+See `examples/review-outputs.md` for the required output format and inline comment structure.
 
 ## Example Review
 

.claude/skills/reviewing-changes/examples/review-outputs.md

@@ -2,6 +2,27 @@
 
 Well-structured code reviews demonstrating appropriate depth, tone, and formatting for different change types.
 
+## Table of Contents
+
+**Format Reference:**
+- [Quick Format Reference](#quick-format-reference)
+  - [Inline Comment Format](#inline-comment-format-required)
+  - [Summary Comment Format](#summary-comment-format)
+
+**Examples:**
+- [Example 1: Clean PR (No Issues)](#example-1-clean-pr-no-issues)
+- [Example 2: Dependency Update with Breaking Changes](#example-2-dependency-update-with-breaking-changes)
+- [Example 3: Feature Addition with Critical Issues](#example-3-feature-addition-with-critical-issues)
+
+**Anti-Patterns:**
+- [❌ Anti-Patterns to Avoid](#-anti-patterns-to-avoid)
+  - [Problem: Verbose Summary with Multiple Sections](#problem-verbose-summary-with-multiple-sections)
+  - [Problem: Praise-Only Inline Comments](#problem-praise-only-inline-comments)
+  - [Problem: Missing `<details>` Tags](#problem-missing-details-tags)
+
+**Summary:**
+- [Summary](#summary)
+
 ---
 
 ## Quick Format Reference
@@ -25,24 +46,38 @@ Reference: [docs link if applicable]
 ```
 
 **Severity Levels:**
-- ⚠️ **CRITICAL** - Blocking, must fix
-- 📋 **IMPORTANT** - Should fix
-- 💡 **SUGGESTED** - Nice to have
-- ❓ **QUESTION** - Seeking clarification
+- ❌ **CRITICAL** - Blocking, must fix (security, crashes, architecture violations)
+- ⚠️ **IMPORTANT** - Should fix (missing tests, quality issues)
+- ♻️ **DEBT** - Technical debt (duplication, convention violations, future rework needed)
+- 🎨 **SUGGESTED** - Nice to have (refactoring, improvements)
+- ❓ **QUESTION** - Seeking clarification (requirements, design decisions)
 
 ### Summary Comment Format
 
-**Required format for ALL PRs:**
+Uses the agent's `posting-review-summary` skill format. Surface ❌ CRITICAL issues at the top level for immediate visibility, wrap the full findings list in `<details>` for scannability.
+
 ```
 **Overall Assessment:** APPROVE / REQUEST CHANGES
 
-**Critical Issues** (if any):
-- [issue with file:line]
+[1-2 neutral sentences describing what was reviewed]
 
-See inline comments for details.
+**Critical Issues** (if any):
+- ❌ [One-line summary with file:line]
+
+<details>
+<summary>All findings</summary>
+
+- ❌ **CRITICAL**: [description] (`file:line`)
+- ⚠️ **IMPORTANT**: [description] (`file:line`)
+- ♻️ **DEBT**: [description] (`file:line`)
+- 🎨 **SUGGESTED**: [description] (`file:line`)
+- ❓ **QUESTION**: [description] (`file:line`)
+</details>
 ```
 
-All PRs use the same minimal format - no exceptions for size or complexity. Summary must be 5-10 lines maximum.
+For clean PRs with no findings, omit both sections entirely — verdict + 1-2 sentences is sufficient.
+
+**GitHub pitfall**: Never use `#` followed by a number in comment text (e.g., `#42`, `#PR123`). GitHub autolinks these to issues/PRs. Use `Finding 1:` or `item 42` instead.
 
 ---
 
@@ -81,7 +116,7 @@ See inline comments for migration details.
 
 **Inline Comment 1** (on `network/api/BitwardenApiService.kt:34`):
 ```markdown
-⚠️ **CRITICAL**: API migration required for Retrofit 3.0
+❌ **CRITICAL**: API migration required for Retrofit 3.0
 
 <details>
 <summary>Details and fix</summary>
@@ -136,7 +171,7 @@ See inline comments for all issues and suggestions.
 
 **Inline Comment 1** (on `app/vault/unlock/UnlockViewModel.kt:78`):
 ```markdown
-⚠️ **CRITICAL**: Exposes mutable state
+❌ **CRITICAL**: Exposes mutable state
 
 <details>
 <summary>Details and fix</summary>
@@ -160,7 +195,7 @@ Reference: docs/ARCHITECTURE.md#mvvm-pattern
 
 **Inline Comment 2** (on `data/vault/UnlockRepository.kt:145`):
 ```markdown
-⚠️ **CRITICAL**: PIN stored without encryption - SECURITY ISSUE
+❌ **CRITICAL**: PIN stored without encryption - SECURITY ISSUE
 
 <details>
 <summary>Details and fix</summary>
@@ -188,7 +223,7 @@ Reference: docs/ARCHITECTURE.md#security
 
 **Inline Comment 3** (on `app/vault/unlock/UnlockViewModel.kt:92`):
 ```markdown
-📋 **IMPORTANT**: Missing error handling test
+⚠️ **IMPORTANT**: Missing error handling test
 
 <details>
 <summary>Details and fix</summary>
@@ -214,7 +249,7 @@ Ensures error flow remains robust across refactorings.
 
 **Inline Comment 4** (on `app/vault/unlock/UnlockViewModel.kt:105`):
 ```markdown
-💡 **SUGGESTED**: Consider rate limiting for PIN attempts
+🎨 **SUGGESTED**: Consider rate limiting for PIN attempts
 
 <details>
 <summary>Details and fix</summary>
@@ -356,7 +391,7 @@ This is exactly the right approach for fail-safe security.
 **What NOT to do:**
 
 ```markdown
-⚠️ **CRITICAL**: Missing test coverage for security-critical code
+❌ **CRITICAL**: Missing test coverage for security-critical code
 
 The `@OmitFromCoverage` annotation excludes this entire class from test coverage.
 
@@ -382,7 +417,7 @@ Security-critical code should have the highest test coverage, not be omitted.
 
 **Correct approach:**
 ```markdown
-⚠️ **CRITICAL**: Missing test coverage for security-critical code
+❌ **CRITICAL**: Missing test coverage for security-critical code
 
 <details>
 <summary>Details and fix</summary>
@@ -422,5 +457,3 @@ Security-critical code should have the highest test coverage, not be omitted.
 - Praise-only inline comments
 - Duplication between summary and inline comments
 - Verbose analysis in summary (belongs in inline comments)
-
-See `SKILL.md` for complete review guidelines.

.claude/skills/reviewing-changes/reference/architectural-patterns.md

@@ -2,6 +2,23 @@
 
 Quick reference for Bitwarden Android architectural patterns during code reviews. For comprehensive details, read `docs/ARCHITECTURE.md` and `docs/STYLE_AND_BEST_PRACTICES.md`.
 
+## Table of Contents
+
+**Core Patterns:**
+- [MVVM + UDF Pattern](#mvvm--udf-pattern)
+  - [ViewModel Structure](#viewmodel-structure)
+  - [UI Layer (Compose)](#ui-layer-compose)
+- [Hilt Dependency Injection](#hilt-dependency-injection)
+  - [ViewModels](#viewmodels)
+  - [Repositories and Managers](#repositories-and-managers)
+  - [Clock/Time Handling](#clocktime-handling)
+- [Module Organization](#module-organization)
+- [Error Handling](#error-handling)
+  - [Use Result Types, Not Exceptions](#use-result-types-not-exceptions)
+- [Quick Checklist](#quick-checklist)
+
+---
+
 ## MVVM + UDF Pattern
 
 ### ViewModel Structure
@@ -194,6 +211,43 @@ abstract class DataModule {
 
 ---
 
+### Clock/Time Handling
+
+Time-dependent code must use injected `Clock` rather than direct `Instant.now()` or `DateTime.now()` calls. This follows the same DI principle as other dependencies.
+
+**✅ GOOD - Injected Clock**:
+```kotlin
+// ViewModel with Clock injection
+class MyViewModel @Inject constructor(
+    private val clock: Clock,
+) {
+    fun save() {
+        val timestamp = clock.instant()
+    }
+}
+
+// Extension function with Clock parameter
+fun State.getTimestamp(clock: Clock): Instant =
+    existingTime ?: clock.instant()
+```
+
+**❌ BAD - Static/direct calls**:
+```kotlin
+// Hidden dependency, non-testable
+val timestamp = Instant.now()
+val dateTime = DateTime.now()
+```
+
+**Key Rules**:
+- Inject `Clock` via Hilt constructor (like other dependencies)
+- Pass `Clock` as parameter to extension functions
+- `Clock` is provided via `CoreModule` as singleton
+- Enables deterministic testing with `Clock.fixed(...)`
+
+Reference: `docs/STYLE_AND_BEST_PRACTICES.md#best-practices--time-and-clock-handling`
+
+---
+
 ## Module Organization
 
 ```
@@ -283,6 +337,7 @@ Reference: `docs/ARCHITECTURE.md#error-handling`
 - [ ] Business logic in Repository, not ViewModel?
 - [ ] Using Hilt DI (@HiltViewModel, @Inject constructor)?
 - [ ] Injecting interfaces, not implementations?
+- [ ] Time-dependent code uses injected `Clock` (not `Instant.now()`)?
 - [ ] Correct module placement?
 
 ### Error Handling

.claude/skills/reviewing-changes/reference/priority-framework.md

@@ -1,8 +1,28 @@
-# Issue Priority Framework
+# Finding Priority Framework
 
 Use this framework to classify findings during code review. Clear prioritization helps authors triage and address issues effectively.
 
-## Critical (Blocker - Must Fix Before Merge)
+## Table of Contents
+
+**Severity Categories:**
+- [❌ CRITICAL (Blocker - Must Fix Before Merge)](#critical-blocker---must-fix-before-merge)
+- [⚠️ IMPORTANT (Should Fix)](#important-should-fix)
+- [♻️ DEBT (Technical Debt)](#debt-technical-debt)
+- [🎨 SUGGESTED (Nice to Have)](#suggested-nice-to-have)
+- [❓ QUESTION (Seeking Clarification)](#question-seeking-clarification)
+- [Optional (Acknowledge But Don't Require)](#optional-acknowledge-but-dont-require)
+
+**Guidelines:**
+- [Classification Guidelines](#classification-guidelines)
+  - [When Something is Between Categories](#when-something-is-between-categories)
+  - [Context Matters](#context-matters)
+- [Examples by Change Type](#examples-by-change-type)
+- [Special Cases](#special-cases)
+- [Summary](#summary)
+
+---
+
+## ❌ **CRITICAL** (Blocker - Must Fix Before Merge)
 
 These issues **must** be addressed before the PR can be merged. They pose immediate risks to security, stability, or architecture integrity.
 
@@ -49,7 +69,7 @@ This violates MVVM encapsulation pattern.
 
 ---
 
-## Important (Should Fix)
+## ⚠️ **IMPORTANT** (Should Fix)
 
 These issues should be addressed but don't block merge if there's a compelling reason. They improve code quality, maintainability, or robustness.
 
@@ -102,15 +122,60 @@ Fetching items one-by-one in loop. Consider batch fetch to reduce database queri
 
 ---
 
-## Suggested (Nice to Have)
+## ♻️ **DEBT** (Technical Debt)
 
-These are improvement opportunities but not required. Consider the effort vs. benefit before requesting changes.
+Code that duplicates existing patterns, violates established conventions, or will require rework within 6 months. Introduces technical debt that should be tracked for future cleanup.
+
+### Duplication
+- Copy-pasted code blocks across files
+- Repeated validation or business logic
+- Multiple implementations of same pattern
+- Data transformation duplicated in multiple places
+
+**Example**:
+```
+**app/vault/VaultListViewModel.kt:156** - DEBT: Duplicates encryption logic
+Same encryption pattern exists in VaultRepository.kt:234 and SyncManager.kt:89.
+Extract to shared EncryptionUtil to reduce maintenance burden.
+```
+
+### Convention Violations
+- Inconsistent error handling approaches within same module
+- Mixing architectural patterns (MVVM + MVC)
+- Not following established DI patterns
+- Deviating from project code style significantly
+
+**Example**:
+```
+**data/auth/AuthRepository.kt:78** - DEBT: Exception-based error handling
+Project standard is Result<T> for error handling. This uses try-catch with throws.
+Creates inconsistency and makes testing harder.
+Reference: docs/ARCHITECTURE.md#error-handling
+```
+
+### Future Rework Required
+- Hardcoded values that should be configurable
+- Temporary workarounds without TODO/FIXME
+- Code that will need changes when planned features arrive
+- Tight coupling that prevents future extensibility
+
+**Example**:
+```
+**app/settings/SettingsViewModel.kt:45** - DEBT: Hardcoded feature flags
+Feature flags should come from remote config for A/B testing.
+Will require rework when experimentation framework launches.
+```
+
+---
+
+## 🎨 **SUGGESTED** (Nice to Have)
+
+Improvements with measurable value only. A finding qualifies as SUGGESTED if it provides: security gain, cyclomatic complexity reduction, bug class prevention, or elimination of an O(n²) pattern. Subjective style preferences, vague simplifications, and naming nitpicks do not qualify — leave those out entirely or raise in conversation.
 
 ### Code Quality
-- Minor style inconsistencies (if not caught by linter)
-- Opportunities for DRY improvements
-- Better variable naming for clarity
-- Simplification opportunities
+- Extractable duplicated logic that reduces measurable complexity or improves testability
+- Patterns that would prevent a recurring bug class in this module
+- Architecture improvements that eliminate tight coupling with measurable impact
 
 **Example**:
 ```
@@ -142,6 +207,80 @@ Could be extracted to separate validator class for reusability and testing.
 
 ---
 
+## ❓ **QUESTION** (Seeking Clarification)
+
+Questions about requirements, unclear intent, or potential conflicts that require human knowledge to answer. Open inquiries that cannot be resolved through code inspection alone.
+
+### Requirements Clarification
+- Ambiguous acceptance criteria
+- Multiple valid implementation approaches
+- Unclear business rules or edge case handling
+- Conflicting requirements between specs and implementation
+
+**Example**:
+```
+**app/vault/ItemListViewModel.kt:67** - QUESTION: Expected sort behavior for equal timestamps?
+When items have identical timestamps, should secondary sort be by:
+- Name (alphabetical)
+- Creation order
+- Item type priority
+
+Spec doesn't specify tie-breaking logic.
+```
+
+### Design Decisions
+- Architecture choices that could go multiple ways
+- Trade-offs between approaches without clear winner
+- Feature flag strategy or rollout approach
+- API design with multiple valid patterns
+
+**Example**:
+```
+**data/sync/SyncManager.kt:134** - QUESTION: Should sync failures retry automatically?
+Current implementation fails immediately. Options:
+- Exponential backoff (3 retries)
+- User-triggered retry only
+- Background retry on network restore
+
+What's the expected UX?
+```
+
+### System Integration
+- Unclear contracts with external systems
+- Potential conflicts with other features/modules
+- Assumptions about third-party API behavior
+- Cross-team coordination needs
+
+**Example**:
+```
+**app/auth/BiometricPrompt.kt:89** - QUESTION: Compatibility with pending device credentials PR?
+PR #1234 is refactoring device credentials. Should this:
+- Merge first and adapt later
+- Wait for #1234 to land
+- Coordinate with that author
+
+Timing unclear.
+```
+
+### Testing Strategy
+- Uncertainty about test scope or approach
+- Questions about mocking external dependencies
+- Edge cases that need product input
+- Performance testing requirements
+
+**Example**:
+```
+**data/vault/EncryptionTest.kt:45** - QUESTION: Should we test against real Keystore?
+Currently using mocked Keystore. Real Keystore testing would:
++ Catch hardware-specific issues
+- Slow down CI significantly
+- Require API 23+ emulators
+
+What's the priority?
+```
+
+---
+
 ## Optional (Acknowledge But Don't Require)
 
 Note good practices to reinforce positive patterns. Keep these **brief** - list only, no elaboration.
@@ -175,11 +314,26 @@ Note good practices to reinforce positive patterns. Keep these **brief** - list
 - If yes → Critical
 - If no → Important
 
+**If unsure between Important and Debt**:
+- Ask: "Is this a bug/defect or just duplication/inconsistency?"
+- If bug/defect → Important
+- If duplication/inconsistency → Debt
+
 **If unsure between Important and Suggested**:
 - Ask: "Would I block merge over this?"
 - If yes → Important
 - If no → Suggested
 
+**If unsure between Debt and Suggested**:
+- Ask: "Will this require rework within 6 months?"
+- If yes → Debt
+- If no → Suggested
+
+**If unsure between Suggested and Question**:
+- Ask: "Am I requesting a change or asking for clarification?"
+- If requesting change → Suggested
+- If seeking clarification → Question
+
 **If unsure between Suggested and Optional**:
 - Ask: "Is this actionable feedback or just acknowledgment?"
 - If actionable → Suggested
@@ -270,5 +424,7 @@ Missing tests for refactored helper → SUGGESTED
 
 **Critical**: Block merge, must fix (security, stability, architecture)
 **Important**: Should fix before merge (testing, quality, performance)
+**Debt**: Technical debt introduced, track for future cleanup
 **Suggested**: Nice to have, consider effort vs benefit
+**Question**: Seeking clarification on requirements or design
 **Optional**: Acknowledge good practices, keep brief

.claude/skills/reviewing-changes/reference/review-psychology.md

@@ -2,14 +2,16 @@
 
 Effective code review feedback is clear, actionable, and constructive. This guide provides phrasing patterns for inline comments.
 
-## Core Directives
+## Table of Contents
 
-- **Keep positive feedback minimal**: For clean PRs with no issues, use 2-3 line approval only. When acknowledging good practices in PRs with issues, use single bullet list with no elaboration. Never create elaborate sections praising correct implementations.
-- Ask questions for design decisions, be prescriptive for clear violations
-- Focus on code, not people ("This code..." not "You...")
-- Use I-statements for subjective feedback ("Hard for me to understand...")
-- Explain rationale with every recommendation
-- Avoid: "just", "simply", "obviously", "easy"
+**Guidelines:**
+- [Phrasing Templates](#phrasing-templates)
+  - [Critical Issues (Prescriptive)](#critical-issues-prescriptive)
+  - [Suggested Improvements (Exploratory)](#suggested-improvements-exploratory)
+  - [Questions (Collaborative)](#questions-collaborative)
+  - [Test Suggestions](#test-suggestions)
+- [When to Be Prescriptive vs Ask Questions](#when-to-be-prescriptive-vs-ask-questions)
+- [Special Cases](#special-cases)
 
 ---
 

.claude/skills/testing-android-code/SKILL.md

@@ -0,0 +1,320 @@
+---
+name: testing-android-code
+description: This skill should be used when writing or reviewing tests for Android code in Bitwarden. Triggered by "BaseViewModelTest", "BitwardenComposeTest", "BaseServiceTest", "stateEventFlow", "bufferedMutableSharedFlow", "FakeDispatcherManager", "expectNoEvents", "assertCoroutineThrows", "createMockCipher", "createMockSend", "asSuccess", "Why is my Bitwarden test failing?", or testing questions about ViewModels, repositories, Compose screens, or data sources in Bitwarden.
+version: 1.0.0
+---
+
+# Testing Android Code - Bitwarden Testing Patterns
+
+**This skill provides tactical testing guidance for Bitwarden-specific patterns.** For comprehensive architecture and testing philosophy, consult `docs/ARCHITECTURE.md`.
+
+## Test Framework Configuration
+
+**Required Dependencies:**
+- **JUnit 5** (jupiter), **MockK**, **Turbine** (app.cash.turbine)
+- **kotlinx.coroutines.test**, **Robolectric**, **Compose Test**
+
+**Critical Note:** Tests run with en-US locale for consistency. Don't assume other locales.
+
+---
+
+## A. ViewModel Testing Patterns
+
+### Base Class: BaseViewModelTest
+
+**Always extend `BaseViewModelTest` for ViewModel tests.**
+
+**Location:** `ui/src/testFixtures/kotlin/com/bitwarden/ui/platform/base/BaseViewModelTest.kt`
+
+**Benefits:**
+- Automatically registers `MainDispatcherExtension` for `UnconfinedTestDispatcher`
+- Provides `stateEventFlow()` helper for simultaneous StateFlow/EventFlow testing
+
+**Pattern:**
+```kotlin
+class ExampleViewModelTest : BaseViewModelTest() {
+    private val mockRepository: ExampleRepository = mockk()
+    private val savedStateHandle = SavedStateHandle(mapOf(KEY_STATE to INITIAL_STATE))
+
+    @Test
+    fun `ButtonClick should fetch data and update state`() = runTest {
+        coEvery { mockRepository.fetchData(any()) } returns Result.success("data")
+
+        val viewModel = ExampleViewModel(savedStateHandle, mockRepository)
+
+        viewModel.stateFlow.test {
+            assertEquals(INITIAL_STATE, awaitItem())
+            viewModel.trySendAction(ExampleAction.ButtonClick)
+            assertEquals(INITIAL_STATE.copy(data = "data"), awaitItem())
+        }
+
+        coVerify { mockRepository.fetchData(any()) }
+    }
+}
+```
+
+**For complete examples:** See `references/test-base-classes.md`
+
+### StateFlow vs EventFlow (Critical Distinction)
+
+| Flow Type | Replay | First Action | Pattern |
+|-----------|--------|--------------|---------|
+| StateFlow | Yes (1) | `awaitItem()` gets current state | Expect initial → trigger → expect new |
+| EventFlow | No | `expectNoEvents()` first | expectNoEvents → trigger → expect event |
+
+**For detailed patterns:** See `references/flow-testing-patterns.md`
+
+---
+
+## B. Compose UI Testing Patterns
+
+### Base Class: BitwardenComposeTest
+
+**Always extend `BitwardenComposeTest` for Compose screen tests.**
+
+**Location:** `app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/base/BitwardenComposeTest.kt`
+
+**Benefits:**
+- Pre-configures all Bitwarden managers (FeatureFlags, AuthTab, Biometrics, etc.)
+- Wraps content in `BitwardenTheme` and `LocalManagerProvider`
+- Provides fixed Clock for deterministic time-based tests
+
+**Pattern:**
+```kotlin
+class ExampleScreenTest : BitwardenComposeTest() {
+    private var haveCalledNavigateBack = false
+    private val mutableEventFlow = bufferedMutableSharedFlow<ExampleEvent>()
+    private val mutableStateFlow = MutableStateFlow(DEFAULT_STATE)
+    private val viewModel = mockk<ExampleViewModel>(relaxed = true) {
+        every { eventFlow } returns mutableEventFlow
+        every { stateFlow } returns mutableStateFlow
+    }
+
+    @Before
+    fun setup() {
+        setContent {
+            ExampleScreen(
+                onNavigateBack = { haveCalledNavigateBack = true },
+                viewModel = viewModel,
+            )
+        }
+    }
+
+    @Test
+    fun `on back click should send BackClick action`() {
+        composeTestRule.onNodeWithContentDescription("Back").performClick()
+        verify { viewModel.trySendAction(ExampleAction.BackClick) }
+    }
+}
+```
+
+**Note:** Use `bufferedMutableSharedFlow` for event testing in Compose tests. Default replay is 0; pass `replay = 1` if needed.
+
+**For complete base class details:** See `references/test-base-classes.md`
+
+---
+
+## C. Repository and Service Testing
+
+### Service Testing with MockWebServer
+
+**Base Class:** `BaseServiceTest` (`network/src/testFixtures/`)
+
+```kotlin
+class ExampleServiceTest : BaseServiceTest() {
+    private val api: ExampleApi = retrofit.create()
+    private val service = ExampleServiceImpl(api)
+
+    @Test
+    fun `getConfig should return success when API succeeds`() = runTest {
+        server.enqueue(MockResponse().setBody(EXPECTED_JSON))
+        val result = service.getConfig()
+        assertEquals(EXPECTED_RESPONSE.asSuccess(), result)
+    }
+}
+```
+
+### Repository Testing Pattern
+
+```kotlin
+class ExampleRepositoryTest {
+    private val fixedClock: Clock = Clock.fixed(
+        Instant.parse("2023-10-27T12:00:00Z"),
+        ZoneOffset.UTC,
+    )
+    private val dispatcherManager = FakeDispatcherManager()
+    private val mockDiskSource: ExampleDiskSource = mockk()
+    private val mockService: ExampleService = mockk()
+
+    private val repository = ExampleRepositoryImpl(
+        clock = fixedClock,
+        exampleDiskSource = mockDiskSource,
+        exampleService = mockService,
+        dispatcherManager = dispatcherManager,
+    )
+
+    @Test
+    fun `fetchData should return success when service succeeds`() = runTest {
+        coEvery { mockService.getData(any()) } returns expectedData.asSuccess()
+        val result = repository.fetchData(userId)
+        assertTrue(result.isSuccess)
+    }
+}
+```
+
+**Key patterns:** Use `FakeDispatcherManager`, fixed Clock, and `.asSuccess()` helpers.
+
+---
+
+## D. Test Data Builders
+
+### Builder Pattern with Number Parameter
+
+**Location:** `network/src/testFixtures/kotlin/com/bitwarden/network/model/`
+
+```kotlin
+fun createMockCipher(
+    number: Int,
+    id: String = "mockId-$number",
+    name: String? = "mockName-$number",
+    // ... more parameters with defaults
+): SyncResponseJson.Cipher
+
+// Usage:
+val cipher1 = createMockCipher(number = 1)  // mockId-1, mockName-1
+val cipher2 = createMockCipher(number = 2)  // mockId-2, mockName-2
+val custom = createMockCipher(number = 3, name = "Custom")
+```
+
+**Available Builders (35+):**
+- **Cipher:** `createMockCipher()`, `createMockLogin()`, `createMockCard()`, `createMockIdentity()`, `createMockSecureNote()`, `createMockSshKey()`, `createMockField()`, `createMockUri()`, `createMockFido2Credential()`, `createMockPasswordHistory()`, `createMockCipherPermissions()`
+- **Sync:** `createMockSyncResponse()`, `createMockFolder()`, `createMockCollection()`, `createMockPolicy()`, `createMockDomains()`
+- **Send:** `createMockSend()`, `createMockFile()`, `createMockText()`, `createMockSendJsonRequest()`
+- **Profile:** `createMockProfile()`, `createMockOrganization()`, `createMockProvider()`, `createMockPermissions()`
+- **Attachments:** `createMockAttachment()`, `createMockAttachmentJsonRequest()`, `createMockAttachmentResponse()`
+
+See `network/src/testFixtures/kotlin/com/bitwarden/network/model/` for full list.
+
+---
+
+## E. Result Type Testing
+
+**Locations:**
+- `.asSuccess()`, `.asFailure()`: `core/src/main/kotlin/com/bitwarden/core/data/util/ResultExtensions.kt`
+- `assertCoroutineThrows`: `core/src/testFixtures/kotlin/com/bitwarden/core/data/util/TestHelpers.kt`
+
+```kotlin
+// Create results
+"data".asSuccess()              // Result.success("data")
+throwable.asFailure()           // Result.failure<T>(throwable)
+
+// Assertions
+assertTrue(result.isSuccess)
+assertEquals(expectedValue, result.getOrNull())
+```
+
+---
+
+## F. Test Utilities and Helpers
+
+### Fake Implementations
+
+| Fake | Location | Purpose |
+|------|----------|---------|
+| `FakeDispatcherManager` | `core/src/testFixtures/` | Deterministic coroutine execution |
+| `FakeConfigDiskSource` | `data/src/testFixtures/` | In-memory config storage |
+| `FakeSharedPreferences` | `data/src/testFixtures/` | Memory-backed SharedPreferences |
+
+### Exception Testing (CRITICAL)
+
+```kotlin
+// CORRECT - Call directly, NOT inside runTest
+@Test
+fun `test exception`() {
+    assertCoroutineThrows<IllegalStateException> {
+        repository.throwingFunction()
+    }
+}
+```
+
+**Why:** `runTest` catches exceptions and rethrows them, breaking the assertion pattern.
+
+---
+
+## G. Critical Gotchas
+
+Common testing mistakes in Bitwarden. **For complete details and examples:** See `references/critical-gotchas.md`
+
+**Core Patterns:**
+- **assertCoroutineThrows + runTest** - Never wrap in `runTest`; call directly
+- **Static mock cleanup** - Always `unmockkStatic()` in `@After`
+- **StateFlow vs EventFlow** - StateFlow: `awaitItem()` first; EventFlow: `expectNoEvents()` first
+- **FakeDispatcherManager** - Always use instead of real `DispatcherManagerImpl`
+- **Coroutine test wrapper** - Use `runTest { }` for all Flow/coroutine tests
+
+**Assertion Patterns:**
+- **Complete state assertions** - Assert entire state objects, not individual fields
+- **JUnit over Kotlin** - Use `assertTrue()`, not Kotlin's `assert()`
+- **Use Result extensions** - Use `asSuccess()` and `asFailure()` for Result type assertions
+
+**Test Design:**
+- **Fake vs Mock strategy** - Use Fakes for happy paths, Mocks for error paths
+- **DI over static mocking** - Extract interfaces (like UuidManager) instead of mockkStatic
+- **Null stream testing** - Test null returns from ContentResolver operations
+- **bufferedMutableSharedFlow** - Use with `.onSubscription { emit(state) }` in Fakes
+- **Test factory methods** - Accept domain state types, not SavedStateHandle
+- **@Suppress("MaxLineLength")** - Only add when the `fun` declaration line **actually exceeds 100 chars** — do not copy the pattern blindly
+
+---
+
+## H. Test File Organization
+
+### Directory Structure
+
+```
+module/src/test/kotlin/com/bitwarden/.../
+├── ui/*ScreenTest.kt, *ViewModelTest.kt
+├── data/repository/*RepositoryTest.kt
+└── network/service/*ServiceTest.kt
+
+module/src/testFixtures/kotlin/com/bitwarden/.../
+├── util/TestHelpers.kt
+├── base/Base*Test.kt
+└── model/*Util.kt
+```
+
+### Test Naming
+
+- Classes: `*Test.kt`, `*ScreenTest.kt`, `*ViewModelTest.kt`
+- Functions: `` `given state when action should result` ``
+
+---
+
+## Summary
+
+Key Bitwarden-specific testing patterns:
+
+1. **BaseViewModelTest** - Automatic dispatcher setup with `stateEventFlow()` helper
+2. **BitwardenComposeTest** - Pre-configured with all managers and theme
+3. **BaseServiceTest** - MockWebServer setup for network testing
+4. **Turbine Flow Testing** - StateFlow (replay) vs EventFlow (no replay)
+5. **Test Data Builders** - Consistent `number: Int` parameter pattern
+6. **Fake Implementations** - FakeDispatcherManager, FakeConfigDiskSource
+7. **Result Type Testing** - `.asSuccess()`, `.asFailure()`
+
+**Always consult:** `docs/ARCHITECTURE.md` and existing test files for reference implementations.
+
+---
+
+## Reference Documentation
+
+For detailed information, see:
+
+- `references/test-base-classes.md` - Detailed base class documentation and usage patterns
+- `references/flow-testing-patterns.md` - Complete Turbine patterns for StateFlow/EventFlow
+- `references/critical-gotchas.md` - Full anti-pattern reference and debugging tips
+
+**Complete Examples:**
+- `examples/viewmodel-test-example.md` - Full ViewModel test with StateFlow/EventFlow
+- `examples/compose-screen-test-example.md` - Full Compose screen test
+- `examples/repository-test-example.md` - Full repository test with mocks and fakes

.claude/skills/testing-android-code/examples/compose-screen-test-example.md

@@ -0,0 +1,337 @@
+/**
+ * Complete Compose Screen Test Example
+ *
+ * Key patterns demonstrated:
+ * - Extending BitwardenComposeTest
+ * - Mocking ViewModel with flows
+ * - Testing UI interactions
+ * - Testing navigation callbacks
+ * - Using bufferedMutableSharedFlow for events
+ * - Testing dialogs with isDialog() and hasAnyAncestor()
+ */
+package com.bitwarden.example.feature
+
+import androidx.compose.ui.test.assertIsDisplayed
+import androidx.compose.ui.test.filterToOne
+import androidx.compose.ui.test.hasAnyAncestor
+import androidx.compose.ui.test.isDialog
+import androidx.compose.ui.test.onAllNodesWithText
+import androidx.compose.ui.test.onNodeWithContentDescription
+import androidx.compose.ui.test.onNodeWithText
+import androidx.compose.ui.test.performClick
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.ui.util.assertNoDialogExists
+import com.bitwarden.ui.util.isProgressBar
+import com.x8bit.bitwarden.ui.platform.base.BitwardenComposeTest
+import io.mockk.every
+import io.mockk.mockk
+import io.mockk.verify
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.update
+import junit.framework.TestCase.assertTrue
+import org.junit.Before
+import org.junit.Test
+
+class ExampleScreenTest : BitwardenComposeTest() {
+
+    // Track navigation callbacks
+    private var haveCalledNavigateBack = false
+    private var haveCalledNavigateToNext = false
+
+    // Use bufferedMutableSharedFlow for events (default replay = 0)
+    private val mutableEventFlow = bufferedMutableSharedFlow<ExampleEvent>()
+    private val mutableStateFlow = MutableStateFlow(DEFAULT_STATE)
+
+    // Mock ViewModel with relaxed = true
+    private val viewModel = mockk<ExampleViewModel>(relaxed = true) {
+        every { eventFlow } returns mutableEventFlow
+        every { stateFlow } returns mutableStateFlow
+    }
+
+    @Before
+    fun setup() {
+        haveCalledNavigateBack = false
+        haveCalledNavigateToNext = false
+
+        setContent {
+            ExampleScreen(
+                onNavigateBack = { haveCalledNavigateBack = true },
+                onNavigateToNext = { haveCalledNavigateToNext = true },
+                viewModel = viewModel,
+            )
+        }
+    }
+
+    /**
+     * Test: Back button sends action to ViewModel
+     */
+    @Test
+    fun `on back click should send BackClick action`() {
+        composeTestRule
+            .onNodeWithContentDescription("Back")
+            .performClick()
+
+        verify { viewModel.trySendAction(ExampleAction.BackClick) }
+    }
+
+    /**
+     * Test: Submit button sends action to ViewModel
+     */
+    @Test
+    fun `on submit click should send SubmitClick action`() {
+        composeTestRule
+            .onNodeWithText("Submit")
+            .performClick()
+
+        verify { viewModel.trySendAction(ExampleAction.SubmitClick) }
+    }
+
+    /**
+     * Test: Loading state shows progress indicator
+     */
+    @Test
+    fun `loading state should display progress indicator`() {
+        mutableStateFlow.update { it.copy(isLoading = true) }
+
+        composeTestRule
+            .onNode(isProgressBar)
+            .assertIsDisplayed()
+    }
+
+    /**
+     * Test: Data state shows content
+     */
+    @Test
+    fun `data state should display content`() {
+        mutableStateFlow.update { it.copy(data = "Test Data") }
+
+        composeTestRule
+            .onNodeWithText("Test Data")
+            .assertIsDisplayed()
+    }
+
+    /**
+     * Test: Error state shows error message
+     */
+    @Test
+    fun `error state should display error message`() {
+        mutableStateFlow.update { it.copy(errorMessage = "Something went wrong") }
+
+        composeTestRule
+            .onNodeWithText("Something went wrong")
+            .assertIsDisplayed()
+    }
+
+    /**
+     * Test: NavigateBack event triggers navigation callback
+     */
+    @Test
+    fun `NavigateBack event should call onNavigateBack`() {
+        mutableEventFlow.tryEmit(ExampleEvent.NavigateBack)
+
+        assertTrue(haveCalledNavigateBack)
+    }
+
+    /**
+     * Test: NavigateToNext event triggers navigation callback
+     */
+    @Test
+    fun `NavigateToNext event should call onNavigateToNext`() {
+        mutableEventFlow.tryEmit(ExampleEvent.NavigateToNext)
+
+        assertTrue(haveCalledNavigateToNext)
+    }
+
+    /**
+     * Test: Item in list can be clicked
+     */
+    @Test
+    fun `on item click should send ItemClick action`() {
+        val itemId = "item-123"
+        mutableStateFlow.update {
+            it.copy(items = listOf(ExampleItem(id = itemId, name = "Test Item")))
+        }
+
+        composeTestRule
+            .onNodeWithText("Test Item")
+            .performClick()
+
+        verify { viewModel.trySendAction(ExampleAction.ItemClick(itemId)) }
+    }
+
+    // ==================== DIALOG TESTS ====================
+
+    /**
+     * Test: No dialog exists when dialogState is null
+     */
+    @Test
+    fun `no dialog should exist when dialogState is null`() {
+        mutableStateFlow.update { it.copy(dialogState = null) }
+
+        composeTestRule.assertNoDialogExists()
+    }
+
+    /**
+     * Test: Loading dialog displays when state updates
+     * PATTERN: Use isDialog() to check dialog exists
+     */
+    @Test
+    fun `loading dialog should display when dialogState is Loading`() {
+        mutableStateFlow.update {
+            it.copy(dialogState = ExampleState.DialogState.Loading("Please wait..."))
+        }
+
+        composeTestRule
+            .onNode(isDialog())
+            .assertIsDisplayed()
+
+        // Verify loading text within dialog using hasAnyAncestor(isDialog())
+        composeTestRule
+            .onAllNodesWithText("Please wait...")
+            .filterToOne(hasAnyAncestor(isDialog()))
+            .assertIsDisplayed()
+    }
+
+    /**
+     * Test: Error dialog displays title and message
+     * PATTERN: Use filterToOne(hasAnyAncestor(isDialog())) to find text within dialogs
+     */
+    @Test
+    fun `error dialog should display title and message`() {
+        mutableStateFlow.update {
+            it.copy(
+                dialogState = ExampleState.DialogState.Error(
+                    title = "An error has occurred",
+                    message = "Something went wrong. Please try again.",
+                ),
+            )
+        }
+
+        // Verify dialog exists
+        composeTestRule
+            .onNode(isDialog())
+            .assertIsDisplayed()
+
+        // Verify title within dialog
+        composeTestRule
+            .onAllNodesWithText("An error has occurred")
+            .filterToOne(hasAnyAncestor(isDialog()))
+            .assertIsDisplayed()
+
+        // Verify message within dialog
+        composeTestRule
+            .onAllNodesWithText("Something went wrong. Please try again.")
+            .filterToOne(hasAnyAncestor(isDialog()))
+            .assertIsDisplayed()
+    }
+
+    /**
+     * Test: Dialog button click sends action
+     * PATTERN: Find button with hasAnyAncestor(isDialog()) then performClick()
+     */
+    @Test
+    fun `error dialog dismiss button should send DismissDialog action`() {
+        mutableStateFlow.update {
+            it.copy(
+                dialogState = ExampleState.DialogState.Error(
+                    title = "Error",
+                    message = "An error occurred",
+                ),
+            )
+        }
+
+        // Click dismiss button within dialog
+        composeTestRule
+            .onAllNodesWithText("Ok")
+            .filterToOne(hasAnyAncestor(isDialog()))
+            .performClick()
+
+        verify { viewModel.trySendAction(ExampleAction.DismissDialog) }
+    }
+
+    /**
+     * Test: Confirmation dialog with multiple buttons
+     * PATTERN: Test both confirm and cancel actions
+     */
+    @Test
+    fun `confirmation dialog confirm button should send ConfirmAction`() {
+        mutableStateFlow.update {
+            it.copy(
+                dialogState = ExampleState.DialogState.Confirmation(
+                    title = "Confirm Action",
+                    message = "Are you sure you want to proceed?",
+                ),
+            )
+        }
+
+        // Click confirm button
+        composeTestRule
+            .onAllNodesWithText("Confirm")
+            .filterToOne(hasAnyAncestor(isDialog()))
+            .performClick()
+
+        verify { viewModel.trySendAction(ExampleAction.ConfirmAction) }
+    }
+
+    @Test
+    fun `confirmation dialog cancel button should send DismissDialog action`() {
+        mutableStateFlow.update {
+            it.copy(
+                dialogState = ExampleState.DialogState.Confirmation(
+                    title = "Confirm Action",
+                    message = "Are you sure?",
+                ),
+            )
+        }
+
+        // Click cancel button
+        composeTestRule
+            .onAllNodesWithText("Cancel")
+            .filterToOne(hasAnyAncestor(isDialog()))
+            .performClick()
+
+        verify { viewModel.trySendAction(ExampleAction.DismissDialog) }
+    }
+}
+
+private val DEFAULT_STATE = ExampleState(
+    isLoading = false,
+    data = null,
+    errorMessage = null,
+    items = emptyList(),
+    dialogState = null,
+)
+
+// Example types (normally in separate files)
+data class ExampleState(
+    val isLoading: Boolean = false,
+    val data: String? = null,
+    val errorMessage: String? = null,
+    val items: List<ExampleItem> = emptyList(),
+    val dialogState: DialogState? = null,
+) {
+    /**
+     * PATTERN: Nested sealed class for dialog states.
+     * Common dialog types: Loading, Error, Confirmation
+     */
+    sealed class DialogState {
+        data class Loading(val message: String) : DialogState()
+        data class Error(val title: String, val message: String) : DialogState()
+        data class Confirmation(val title: String, val message: String) : DialogState()
+    }
+}
+
+data class ExampleItem(val id: String, val name: String)
+
+sealed class ExampleAction {
+    data object BackClick : ExampleAction()
+    data object SubmitClick : ExampleAction()
+    data class ItemClick(val itemId: String) : ExampleAction()
+    data object DismissDialog : ExampleAction()
+    data object ConfirmAction : ExampleAction()
+}
+
+sealed class ExampleEvent {
+    data object NavigateBack : ExampleEvent()
+    data object NavigateToNext : ExampleEvent()
+}

.claude/skills/testing-android-code/examples/repository-test-example.md

@@ -0,0 +1,255 @@
+/**
+ * Complete Repository Test Example
+ *
+ * Key patterns demonstrated:
+ * - Fake for disk sources, Mock for network services
+ * - Using FakeDispatcherManager for deterministic coroutines
+ * - Using fixed Clock for deterministic time
+ * - Testing Result types with .asSuccess() / .asFailure()
+ * - Asserting actual objects (not isSuccess/isFailure) for better diagnostics
+ * - Testing Flow emissions with Turbine
+ */
+package com.bitwarden.example.data.repository
+
+import app.cash.turbine.test
+import com.bitwarden.core.data.manager.dispatcher.FakeDispatcherManager
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.core.data.util.asFailure
+import com.bitwarden.core.data.util.asSuccess
+import io.mockk.coEvery
+import io.mockk.coVerify
+import io.mockk.mockk
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.onSubscription
+import kotlinx.coroutines.test.runTest
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertNull
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import java.time.Clock
+import java.time.Instant
+import java.time.ZoneOffset
+
+class ExampleRepositoryTest {
+
+    // Fixed clock for deterministic time-based tests
+    private val fixedClock: Clock = Clock.fixed(
+        Instant.parse("2023-10-27T12:00:00Z"),
+        ZoneOffset.UTC,
+    )
+
+    // Use FakeDispatcherManager for deterministic coroutine execution
+    private val dispatcherManager = FakeDispatcherManager()
+
+    // Mock service (network layer is always mocked)
+    private val mockService: ExampleService = mockk()
+
+    /**
+     * PATTERN: Use Fake for disk source in happy path tests.
+     * This is the Bitwarden convention for repository testing.
+     */
+    private val fakeDiskSource = FakeExampleDiskSource()
+
+    private lateinit var repository: ExampleRepositoryImpl
+
+    @BeforeEach
+    fun setup() {
+        repository = ExampleRepositoryImpl(
+            clock = fixedClock,
+            service = mockService,
+            diskSource = fakeDiskSource,
+            dispatcherManager = dispatcherManager,
+        )
+    }
+
+    // ==================== HAPPY PATH TESTS (use Fake) ====================
+
+    /**
+     * Test: Successful fetch returns data and saves to disk
+     */
+    @Test
+    fun `fetchData should return success and save to disk when service succeeds`() = runTest {
+        val expectedData = ExampleData(id = "1", name = "Test", updatedAt = fixedClock.instant())
+        coEvery { mockService.getData() } returns expectedData.asSuccess()
+
+        val result = repository.fetchData()
+
+        assertEquals(expectedData, result.getOrThrow())
+        // Fake automatically stores the data - verify it's there
+        assertEquals(expectedData, fakeDiskSource.storedData)
+    }
+
+    /**
+     * Test: Service failure returns failure without saving
+     */
+    @Test
+    fun `fetchData should return failure when service fails`() = runTest {
+        val exception = Exception("Network error")
+        coEvery { mockService.getData() } returns exception.asFailure()
+
+        val result = repository.fetchData()
+
+        assertEquals(exception, result.exceptionOrNull())
+        // Fake was not updated
+        assertNull(fakeDiskSource.storedData)
+    }
+
+    /**
+     * Test: Repository flow emits when disk source updates
+     */
+    @Test
+    fun `dataFlow should emit when disk source updates`() = runTest {
+        val data1 = ExampleData(id = "1", name = "First", updatedAt = fixedClock.instant())
+        val data2 = ExampleData(id = "2", name = "Second", updatedAt = fixedClock.instant())
+
+        repository.dataFlow.test {
+            // Initial null value from Fake
+            assertNull(awaitItem())
+
+            // Update via Fake property setter (triggers emission)
+            fakeDiskSource.storedData = data1
+            assertEquals(data1, awaitItem())
+
+            // Another update
+            fakeDiskSource.storedData = data2
+            assertEquals(data2, awaitItem())
+        }
+    }
+
+    /**
+     * Test: Refresh fetches and saves new data
+     */
+    @Test
+    fun `refresh should fetch new data and update disk source`() = runTest {
+        val newData = ExampleData(id = "new", name = "Fresh", updatedAt = fixedClock.instant())
+        coEvery { mockService.getData() } returns newData.asSuccess()
+
+        val result = repository.refresh()
+
+        assertEquals(Unit, result.getOrThrow())
+        coVerify { mockService.getData() }
+        assertEquals(newData, fakeDiskSource.storedData)
+    }
+
+    /**
+     * Test: Delete clears data from disk
+     */
+    @Test
+    fun `deleteData should clear disk source`() = runTest {
+        // Pre-populate the fake
+        fakeDiskSource.storedData = ExampleData(id = "1", name = "Test", updatedAt = fixedClock.instant())
+
+        repository.deleteData()
+
+        assertNull(fakeDiskSource.storedData)
+    }
+
+    /**
+     * Test: Cached data returns from disk when available
+     */
+    @Test
+    fun `getCachedData should return disk data without network call`() = runTest {
+        val cachedData = ExampleData(
+            id = "cached",
+            name = "Cached",
+            updatedAt = fixedClock.instant(),
+        )
+        fakeDiskSource.storedData = cachedData
+
+        val result = repository.getCachedData()
+
+        assertEquals(cachedData, result)
+        coVerify(exactly = 0) { mockService.getData() }
+    }
+
+    // ==================== ERROR PATH TESTS ====================
+
+    /**
+     * PATTERN: For error paths, reconfigure the class-level mock per-test.
+     * Use coEvery to change mock behavior for each specific test case.
+     */
+    @Test
+    fun `fetchData should return failure when service returns error`() = runTest {
+        val exception = Exception("Server unavailable")
+        coEvery { mockService.getData() } returns exception.asFailure()
+
+        val result = repository.fetchData()
+
+        assertEquals(exception, result.exceptionOrNull())
+        // Fake state unchanged on failure
+        assertNull(fakeDiskSource.storedData)
+    }
+
+    @Test
+    fun `refresh should return failure and preserve cached data when service fails`() = runTest {
+        // Pre-populate cache via Fake
+        val cachedData = ExampleData(id = "cached", name = "Old", updatedAt = fixedClock.instant())
+        fakeDiskSource.storedData = cachedData
+
+        // Reconfigure mock to return failure
+        coEvery { mockService.getData() } returns Exception("Network error").asFailure()
+
+        val result = repository.refresh()
+
+        assertTrue(result.isFailure)
+        // Cached data preserved on failure
+        assertEquals(cachedData, fakeDiskSource.storedData)
+    }
+}
+
+// Example types (normally in separate files)
+data class ExampleData(
+    val id: String,
+    val name: String,
+    val updatedAt: Instant,
+)
+
+interface ExampleService {
+    suspend fun getData(): Result<ExampleData>
+}
+
+interface ExampleDiskSource {
+    val dataFlow: kotlinx.coroutines.flow.Flow<ExampleData?>
+    fun getData(): ExampleData?
+    fun saveData(data: ExampleData)
+    fun clearData()
+}
+
+/**
+ * PATTERN: Fake implementation for happy path testing.
+ *
+ * Key characteristics:
+ * - Uses bufferedMutableSharedFlow(replay = 1) for proper replay behavior
+ * - Uses .onSubscription { emit(state) } for immediate state emission
+ * - Private storage with override property setter that emits to flow
+ * - Test assertions done via the override property getter
+ */
+class FakeExampleDiskSource : ExampleDiskSource {
+    private var storedDataValue: ExampleData? = null
+    private val mutableDataFlow = bufferedMutableSharedFlow<ExampleData?>(replay = 1)
+
+    /**
+     * Override property with getter/setter. Setter emits to flow automatically.
+     * Tests can read this property for assertions and write to trigger emissions.
+     */
+    var storedData: ExampleData?
+        get() = storedDataValue
+        set(value) {
+            storedDataValue = value
+            mutableDataFlow.tryEmit(value)
+        }
+
+    override val dataFlow: Flow<ExampleData?>
+        get() = mutableDataFlow.onSubscription { emit(storedData) }
+
+    override fun getData(): ExampleData? = storedData
+
+    override fun saveData(data: ExampleData) {
+        storedData = data
+    }
+
+    override fun clearData() {
+        storedData = null
+    }
+}

.claude/skills/testing-android-code/examples/viewmodel-test-example.md

@@ -0,0 +1,161 @@
+/**
+ * Complete ViewModel Test Example
+ *
+ * Key patterns demonstrated:
+ * - Extending BaseViewModelTest
+ * - Testing StateFlow with Turbine
+ * - Testing EventFlow with Turbine
+ * - Using stateEventFlow() for simultaneous testing
+ * - MockK mocking patterns
+ * - Test factory method design (accepts domain state, not SavedStateHandle)
+ * - Complete state assertions (assert entire state objects)
+ */
+package com.bitwarden.example.feature
+
+import androidx.lifecycle.SavedStateHandle
+import app.cash.turbine.test
+import com.bitwarden.ui.platform.base.BaseViewModelTest
+import io.mockk.coEvery
+import io.mockk.coVerify
+import io.mockk.every
+import io.mockk.mockk
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.test.runTest
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Test
+
+class ExampleViewModelTest : BaseViewModelTest() {
+
+    // Mock dependencies
+    private val mockRepository: ExampleRepository = mockk()
+    private val mockAuthDiskSource: AuthDiskSource = mockk {
+        every { userStateFlow } returns MutableStateFlow(null)
+    }
+
+    /**
+     * StateFlow has replay=1, so first awaitItem() returns current state
+     */
+    @Test
+    fun `initial state should be default state`() = runTest {
+        val viewModel = createViewModel()
+
+        viewModel.stateFlow.test {
+            assertEquals(DEFAULT_STATE, awaitItem())
+        }
+    }
+
+    /**
+     * Test state transitions: initial -> loading -> success
+     */
+    @Test
+    fun `LoadData action should update state from idle to loading to success`() = runTest {
+        val expectedData = "loaded data"
+        coEvery { mockRepository.fetchData(any()) } returns Result.success(expectedData)
+
+        val viewModel = createViewModel()
+
+        viewModel.stateFlow.test {
+            assertEquals(DEFAULT_STATE, awaitItem())
+
+            viewModel.trySendAction(ExampleAction.LoadData)
+
+            assertEquals(DEFAULT_STATE.copy(isLoading = true), awaitItem())
+            assertEquals(DEFAULT_STATE.copy(isLoading = false, data = expectedData), awaitItem())
+        }
+
+        coVerify { mockRepository.fetchData(any()) }
+    }
+
+    /**
+     * EventFlow has no replay - MUST call expectNoEvents() first
+     */
+    @Test
+    fun `SubmitClick action should emit NavigateToNext event`() = runTest {
+        coEvery { mockRepository.submitData(any()) } returns Result.success(Unit)
+
+        val viewModel = createViewModel()
+
+        viewModel.eventFlow.test {
+            expectNoEvents() // CRITICAL for EventFlow
+            viewModel.trySendAction(ExampleAction.SubmitClick)
+            assertEquals(ExampleEvent.NavigateToNext, awaitItem())
+        }
+    }
+
+    /**
+     * Use stateEventFlow() helper for simultaneous testing
+     */
+    @Test
+    fun `complex action should update state and emit event`() = runTest {
+        coEvery { mockRepository.complexOperation(any()) } returns Result.success("result")
+
+        val viewModel = createViewModel()
+
+        viewModel.stateEventFlow(backgroundScope) { stateFlow, eventFlow ->
+            assertEquals(DEFAULT_STATE, stateFlow.awaitItem())
+            eventFlow.expectNoEvents()
+
+            viewModel.trySendAction(ExampleAction.ComplexAction)
+
+            assertEquals(DEFAULT_STATE.copy(isLoading = true), stateFlow.awaitItem())
+            assertEquals(DEFAULT_STATE.copy(data = "result"), stateFlow.awaitItem())
+            assertEquals(ExampleEvent.ShowToast("Success!"), eventFlow.awaitItem())
+        }
+    }
+
+    /**
+     * Test state restoration from saved state.
+     * Note: Use initialState parameter, NOT SavedStateHandle directly.
+     */
+    @Test
+    fun `initial state from saved state should be preserved`() = runTest {
+        // Build complete expected state - always assert full objects
+        val savedState = ExampleState(
+            isLoading = false,
+            data = "restored data",
+            errorMessage = null,
+        )
+
+        val viewModel = createViewModel(initialState = savedState)
+
+        viewModel.stateFlow.test {
+            assertEquals(savedState, awaitItem())
+        }
+    }
+
+    /**
+     * Factory method accepts domain state, NOT SavedStateHandle.
+     * This hides Android framework details from test logic.
+     */
+    private fun createViewModel(
+        initialState: ExampleState? = null,
+    ): ExampleViewModel = ExampleViewModel(
+        savedStateHandle = SavedStateHandle().apply { set("state", initialState) },
+        repository = mockRepository,
+        authDiskSource = mockAuthDiskSource,
+    )
+}
+
+private val DEFAULT_STATE = ExampleState(
+    isLoading = false,
+    data = null,
+    errorMessage = null,
+)
+
+// Example types (normally in separate files)
+data class ExampleState(
+    val isLoading: Boolean = false,
+    val data: String? = null,
+    val errorMessage: String? = null,
+)
+
+sealed class ExampleAction {
+    data object LoadData : ExampleAction()
+    data object SubmitClick : ExampleAction()
+    data object ComplexAction : ExampleAction()
+}
+
+sealed class ExampleEvent {
+    data object NavigateToNext : ExampleEvent()
+    data class ShowToast(val message: String) : ExampleEvent()
+}

.claude/skills/testing-android-code/references/critical-gotchas.md

@@ -0,0 +1,698 @@
+# Critical Gotchas and Anti-Patterns
+
+Common mistakes and pitfalls when writing tests in the Bitwarden Android codebase.
+
+## ❌ NEVER wrap assertCoroutineThrows in runTest
+
+### The Problem
+
+`runTest` catches exceptions and rethrows them, which breaks the `assertCoroutineThrows` assertion pattern.
+
+### Wrong
+
+```kotlin
+@Test
+fun `test exception`() = runTest {
+    assertCoroutineThrows<Exception> {
+        repository.throwingFunction()
+    }  // Won't work - exception is caught by runTest!
+}
+```
+
+### Correct
+
+```kotlin
+@Test
+fun `test exception`() {
+    assertCoroutineThrows<Exception> {
+        repository.throwingFunction()
+    }  // Works correctly
+}
+```
+
+### Why This Happens
+
+`runTest` provides a coroutine scope and catches exceptions to provide better error messages. However, `assertCoroutineThrows` needs to catch the exception itself to verify it was thrown. When wrapped in `runTest`, the exception is caught twice, breaking the assertion.
+
+## ❌ ALWAYS unmock static functions
+
+### The Problem
+
+MockK's static mocking persists across tests. Forgetting to clean up causes mysterious failures in subsequent tests.
+
+### Wrong
+
+```kotlin
+@Before
+fun setup() {
+    mockkStatic(::isBuildVersionAtLeast)
+    every { isBuildVersionAtLeast(any()) } returns true
+}
+
+// Forgot @After - subsequent tests will fail mysteriously!
+```
+
+### Correct
+
+```kotlin
+@Before
+fun setup() {
+    mockkStatic(::isBuildVersionAtLeast)
+    every { isBuildVersionAtLeast(any()) } returns true
+}
+
+@After
+fun tearDown() {
+    unmockkStatic(::isBuildVersionAtLeast)  // CRITICAL
+}
+```
+
+### Common Static Functions to Watch
+
+```kotlin
+// Platform version checks
+mockkStatic(::isBuildVersionAtLeast)
+unmockkStatic(::isBuildVersionAtLeast)
+
+// URI parsing
+mockkStatic(Uri::class)
+unmockkStatic(Uri::class)
+
+// Static utility functions
+mockkStatic(MyUtilClass::class)
+unmockkStatic(MyUtilClass::class)
+```
+
+### Debugging Tip
+
+If tests pass individually but fail when run together, suspect static mocking cleanup issues.
+
+## ❌ Don't confuse StateFlow and EventFlow testing
+
+### StateFlow (replay = 1)
+
+```kotlin
+// CORRECT - StateFlow always has current value
+viewModel.stateFlow.test {
+    val initial = awaitItem()  // Gets current state immediately
+    viewModel.trySendAction(action)
+    val updated = awaitItem()  // Gets new state
+}
+```
+
+### EventFlow (no replay)
+
+```kotlin
+// CORRECT - EventFlow has no initial value
+viewModel.eventFlow.test {
+    expectNoEvents()  // MUST do this first
+    viewModel.trySendAction(action)
+    val event = awaitItem()  // Gets emitted event
+}
+```
+
+### Common Mistake
+
+```kotlin
+// WRONG - Forgetting expectNoEvents() on EventFlow
+viewModel.eventFlow.test {
+    viewModel.trySendAction(action)  // May cause flaky tests
+    assertEquals(event, awaitItem())
+}
+```
+
+## ❌ Don't mix real and test dispatchers
+
+### Wrong
+
+```kotlin
+private val repository = ExampleRepositoryImpl(
+    dispatcherManager = DispatcherManagerImpl(),  // Real dispatcher!
+)
+
+@Test
+fun `test repository`() = runTest {
+    // Test will have timing issues - real dispatcher != test dispatcher
+}
+```
+
+### Correct
+
+```kotlin
+private val repository = ExampleRepositoryImpl(
+    dispatcherManager = FakeDispatcherManager(),  // Test dispatcher
+)
+
+@Test
+fun `test repository`() = runTest {
+    // Test runs deterministically
+}
+```
+
+### Why This Matters
+
+Real dispatchers use actual thread pools and delays. Test dispatchers (UnconfinedTestDispatcher) execute immediately and deterministically. Mixing them causes:
+- Non-deterministic test failures
+- Real delays in tests (slow test suite)
+- Race conditions
+
+### Always Use
+
+- `FakeDispatcherManager()` for repositories
+- `UnconfinedTestDispatcher()` when manually creating dispatchers
+- `runTest` for coroutine tests (provides TestDispatcher automatically)
+
+## ❌ Don't forget to use runTest for coroutine tests
+
+### Wrong
+
+```kotlin
+@Test
+fun `test coroutine`() {
+    viewModel.stateFlow.test { /* ... */ }  // Missing runTest!
+}
+```
+
+This causes:
+- Test completes before coroutines finish
+- False positives (test passes but assertions never run)
+- Mysterious failures
+
+### Correct
+
+```kotlin
+@Test
+fun `test coroutine`() = runTest {
+    viewModel.stateFlow.test { /* ... */ }
+}
+```
+
+### When runTest is Required
+
+- Testing ViewModels (they use `viewModelScope`)
+- Testing Flows with Turbine `.test {}`
+- Testing repositories with suspend functions
+- Any test calling suspend functions
+
+### Exception: assertCoroutineThrows
+
+As noted above, `assertCoroutineThrows` should NOT be wrapped in `runTest`.
+
+## ❌ Don't forget relaxed = true for complex mocks
+
+### Without relaxed
+
+```kotlin
+private val viewModel = mockk<ExampleViewModel>()  // Must mock every method!
+
+// Error: "no answer found for: stateFlow"
+```
+
+### With relaxed
+
+```kotlin
+private val viewModel = mockk<ExampleViewModel>(relaxed = true) {
+    // Only mock what you care about
+    every { stateFlow } returns mutableStateFlow
+    every { eventFlow } returns mutableEventFlow
+}
+```
+
+### When to Use relaxed
+
+- Mocking ViewModels in Compose tests
+- Mocking complex objects with many methods
+- When you only care about specific method calls
+
+### When NOT to Use relaxed
+
+- Mocking repository interfaces (be explicit about behavior)
+- When you want to verify NO unexpected calls
+- Testing error paths (want test to fail if unexpected method called)
+
+## ❌ Don't assert individual fields when complete state is available
+
+### The Problem
+
+Asserting individual state fields can miss unintended side effects on other fields.
+
+### Wrong
+
+```kotlin
+@Test
+fun `action should update state`() = runTest {
+    viewModel.trySendAction(SomeAction.DoThing)
+
+    val state = viewModel.stateFlow.value
+    assertEquals(null, state.dialog)  // Only checks one field!
+}
+```
+
+### Correct
+
+```kotlin
+@Test
+fun `action should update state`() = runTest {
+    viewModel.trySendAction(SomeAction.DoThing)
+
+    val expected = SomeState(
+        isLoading = false,
+        data = "result",
+        dialog = null,
+    )
+    assertEquals(expected, viewModel.stateFlow.value)  // Checks all fields
+}
+```
+
+### Why This Matters
+
+- Catches unintended mutations to other state fields
+- Makes expected state explicit and readable
+- Prevents silent regressions when state structure changes
+
+---
+
+## ❌ Don't use Kotlin assert() for boolean checks
+
+### The Problem
+
+Kotlin's `assert()` doesn't follow JUnit conventions and provides poor failure messages.
+
+### Wrong
+
+```kotlin
+@Test
+fun `event should trigger callback`() {
+    mutableEventFlow.tryEmit(SomeEvent.Navigate)
+
+    assert(onNavigateCalled)  // Kotlin assert - bad failure messages
+}
+```
+
+### Correct
+
+```kotlin
+@Test
+fun `event should trigger callback`() {
+    mutableEventFlow.tryEmit(SomeEvent.Navigate)
+
+    assertTrue(onNavigateCalled)  // JUnit assertTrue - proper assertion
+}
+```
+
+### Always Use JUnit Assertions
+
+- `assertTrue()` / `assertFalse()` for booleans
+- `assertEquals()` for value comparisons
+- `assertNotNull()` / `assertNull()` for nullability
+- `assertThrows<T>()` for exceptions
+
+---
+
+## ❌ Don't pass SavedStateHandle to test factory methods
+
+### The Problem
+
+Exposing `SavedStateHandle` in test factory methods leaks Android framework details into test logic.
+
+### Wrong
+
+```kotlin
+private fun createViewModel(
+    savedStateHandle: SavedStateHandle = SavedStateHandle(),  // Framework type exposed
+): MyViewModel = MyViewModel(
+    savedStateHandle = savedStateHandle,
+    repository = mockRepository,
+)
+
+@Test
+fun `initial state from saved state`() = runTest {
+    val savedState = MyState(isLoading = true)
+    val savedStateHandle = SavedStateHandle(mapOf("state" to savedState))
+
+    val viewModel = createViewModel(savedStateHandle = savedStateHandle)
+    // ...
+}
+```
+
+### Correct
+
+```kotlin
+private fun createViewModel(
+    initialState: MyState? = null,  // Domain type only
+): MyViewModel = MyViewModel(
+    savedStateHandle = SavedStateHandle().apply { set("state", initialState) },
+    repository = mockRepository,
+)
+
+@Test
+fun `initial state from saved state`() = runTest {
+    val savedState = MyState(isLoading = true)
+
+    val viewModel = createViewModel(initialState = savedState)
+    // ...
+}
+```
+
+### Why This Matters
+
+- Cleaner, more intuitive test code
+- Hides SavedStateHandle implementation details
+- Follows Bitwarden conventions
+
+---
+
+## ❌ Don't test SavedStateHandle persistence in unit tests
+
+### The Problem
+
+Testing whether state persists to SavedStateHandle is testing Android framework behavior, not your business logic.
+
+### Wrong
+
+```kotlin
+@Test
+fun `state should persist to SavedStateHandle`() = runTest {
+    val savedStateHandle = SavedStateHandle()
+    val viewModel = createViewModel(savedStateHandle = savedStateHandle)
+
+    viewModel.trySendAction(SomeAction)
+
+    val savedState = savedStateHandle.get<MyState>("state")
+    assertEquals(expectedState, savedState)  // Testing framework, not logic!
+}
+```
+
+### Correct
+
+Focus on testing business logic and state transformations:
+
+```kotlin
+@Test
+fun `action should update state correctly`() = runTest {
+    val viewModel = createViewModel()
+
+    viewModel.trySendAction(SomeAction)
+
+    assertEquals(expectedState, viewModel.stateFlow.value)  // Test observable state
+}
+```
+
+---
+
+## ❌ Don't use static mocking when DI pattern is available
+
+### The Problem
+
+Static mocking (`mockkStatic`) is harder to maintain and less testable than dependency injection.
+
+### Wrong
+
+```kotlin
+class ParserTest {
+    @BeforeEach
+    fun setup() {
+        mockkStatic(UUID::class)
+        every { UUID.randomUUID() } returns mockk {
+            every { toString() } returns "fixed-uuid"
+        }
+    }
+
+    @AfterEach
+    fun tearDown() {
+        unmockkStatic(UUID::class)
+    }
+}
+```
+
+### Correct
+
+Extract an interface and inject it:
+
+```kotlin
+// Production code
+interface UuidManager {
+    fun generateUuid(): String
+}
+
+class UuidManagerImpl : UuidManager {
+    override fun generateUuid(): String = UUID.randomUUID().toString()
+}
+
+class Parser(private val uuidManager: UuidManager) { ... }
+
+// Test code
+class ParserTest {
+    private val mockUuidManager = mockk<UuidManager>()
+
+    @BeforeEach
+    fun setup() {
+        every { mockUuidManager.generateUuid() } returns "fixed-uuid"
+    }
+
+    // No tearDown needed - no static mocking!
+}
+```
+
+### When to Use This Pattern
+
+- UUID generation
+- Timestamp/Clock operations
+- System property access
+- Any static function that needs deterministic testing
+
+---
+
+## ❌ Don't forget to test null stream returns from Android APIs
+
+### The Problem
+
+Android's `ContentResolver.openOutputStream()` and `openInputStream()` can return null, not just throw exceptions.
+
+### Wrong
+
+```kotlin
+class FileManagerTest {
+    @Test
+    fun `stringToUri with exception should return false`() = runTest {
+        every { mockContentResolver.openOutputStream(any()) } throws IOException()
+
+        val result = fileManager.stringToUri(mockUri, "data")
+
+        assertFalse(result)
+    }
+    // Missing: test for null return!
+}
+```
+
+### Correct
+
+```kotlin
+class FileManagerTest {
+    @Test
+    fun `stringToUri with exception should return false`() = runTest {
+        every { mockContentResolver.openOutputStream(any()) } throws IOException()
+
+        val result = fileManager.stringToUri(mockUri, "data")
+        assertFalse(result)
+    }
+
+    @Test
+    fun `stringToUri with null stream should return false`() = runTest {
+        every { mockContentResolver.openOutputStream(any()) } returns null
+
+        val result = fileManager.stringToUri(mockUri, "data")
+        assertFalse(result)  // CRITICAL: must handle null!
+    }
+}
+```
+
+### Common Android APIs That Return Null
+
+- `ContentResolver.openOutputStream()` / `openInputStream()`
+- `Context.getExternalFilesDir()`
+- `PackageManager.getApplicationInfo()` (can throw)
+
+---
+
+## Bitwarden Mocking Guidelines
+
+**Mock at architectural boundaries:**
+- Repository → ViewModel (mock repository)
+- Service → Repository (mock service)
+- API → Service (use MockWebServer, not mocks)
+- DiskSource → Repository (mock disk source)
+
+**Fake vs Mock Strategy (IMPORTANT):**
+- **Happy paths**: Use Fake implementations (`FakeAuthenticatorDiskSource`, `FakeVaultDiskSource`)
+- **Error paths**: Use MockK with isolated repository instances
+
+```kotlin
+// Happy path - use Fake
+private val fakeDiskSource = FakeAuthenticatorDiskSource()
+
+@Test
+fun `createItem should return Success`() = runTest {
+    val result = repository.createItem(mockItem)
+    assertEquals(CreateItemResult.Success, result)
+}
+
+// Error path - use isolated Mock
+@Test
+fun `createItem with exception should return Error`() = runTest {
+    val mockDiskSource = mockk<AuthenticatorDiskSource> {
+        coEvery { saveItem(any()) } throws RuntimeException()
+    }
+    val repository = RepositoryImpl(diskSource = mockDiskSource)
+
+    val result = repository.createItem(mockItem)
+    assertEquals(CreateItemResult.Error, result)
+}
+```
+
+**Use Fakes for:**
+- `FakeDispatcherManager` - deterministic coroutines
+- `FakeConfigDiskSource` - in-memory config storage
+- `FakeSharedPreferences` - memory-backed preferences
+- `FakeAuthenticatorDiskSource` - in-memory authenticator storage
+
+**Create real instances for:**
+- Data classes, value objects (User, Config, CipherView)
+- Test data builders (`createMockCipher(number = 1)`)
+
+## ❌ Don't forget bufferedMutableSharedFlow with onSubscription for Fakes
+
+### The Problem
+
+Fake data sources using `MutableSharedFlow` won't emit cached state to new subscribers without explicit handling.
+
+### Wrong
+
+```kotlin
+class FakeDataSource : DataSource {
+    private val mutableFlow = MutableSharedFlow<List<Item>>()
+    private val storedItems = mutableListOf<Item>()
+
+    override fun getItems(): Flow<List<Item>> = mutableFlow
+
+    override suspend fun saveItem(item: Item) {
+        storedItems.add(item)
+        mutableFlow.emit(storedItems)
+    }
+}
+
+// Test: Initial collection gets nothing!
+repository.dataFlow.test {
+    // Hangs or fails - no initial emission
+}
+```
+
+### Correct
+
+```kotlin
+class FakeDataSource : DataSource {
+    private val mutableFlow = bufferedMutableSharedFlow<List<Item>>()
+    private val storedItems = mutableListOf<Item>()
+
+    override fun getItems(): Flow<List<Item>> = mutableFlow
+        .onSubscription { emit(storedItems.toList()) }
+
+    override suspend fun saveItem(item: Item) {
+        storedItems.add(item)
+        mutableFlow.emit(storedItems.toList())
+    }
+}
+
+// Test: Initial collection receives current state
+repository.dataFlow.test {
+    assertEquals(emptyList(), awaitItem())  // Works!
+}
+```
+
+### Key Points
+
+- Use `bufferedMutableSharedFlow()` from `core/data/repository/util/`
+- Add `.onSubscription { emit(currentState) }` for immediate state emission
+- This ensures new collectors receive the current cached state
+
+---
+
+## ✅ Use Result extension functions for assertions
+
+### The Pattern
+
+Use `asSuccess()` and `asFailure()` extensions from `com.bitwarden.core.data.util` for cleaner Result assertions.
+
+### Success Path
+
+```kotlin
+@Test
+fun `getData should return success`() = runTest {
+    val result = repository.getData()
+    val expected = expectedData.asSuccess()
+
+    assertEquals(expected.getOrNull(), result.getOrNull())
+}
+```
+
+### Failure Path
+
+```kotlin
+@Test
+fun `getData with error should return failure`() = runTest {
+    val exception = IOException("Network error")
+    coEvery { mockService.getData() } returns exception.asFailure()
+
+    val result = repository.getData()
+
+    assertTrue(result.isFailure)
+    assertEquals(exception, result.exceptionOrNull())
+}
+```
+
+### Avoid Redundant Assertions
+
+```kotlin
+// WRONG - redundant success checks
+assertTrue(result.isSuccess)
+assertTrue(expected.isSuccess)
+assertArrayEquals(expected.getOrNull(), result.getOrNull())
+
+// CORRECT - final assertion is sufficient
+assertArrayEquals(expected.getOrNull(), result.getOrNull())
+```
+
+---
+
+## Summary Checklist
+
+Before submitting tests, verify:
+
+**Core Patterns:**
+- [ ] No `assertCoroutineThrows` inside `runTest`
+- [ ] All static mocks have `unmockk` in `@After`
+- [ ] EventFlow tests start with `expectNoEvents()`
+- [ ] Using FakeDispatcherManager, not real dispatchers
+- [ ] All coroutine tests use `runTest`
+
+**Assertion Patterns:**
+- [ ] Assert complete state objects, not individual fields
+- [ ] Use JUnit `assertTrue()`, not Kotlin `assert()`
+- [ ] Use `asSuccess()` for Result type assertions
+- [ ] Avoid redundant assertion patterns
+
+**Test Design:**
+- [ ] Test factory methods accept domain types, not SavedStateHandle
+- [ ] Use Fakes for happy paths, Mocks for error paths
+- [ ] Prefer DI patterns over static mocking
+- [ ] Test null returns from Android APIs (streams, files)
+- [ ] Fakes use `bufferedMutableSharedFlow()` with `.onSubscription`
+
+**General:**
+- [ ] Tests don't depend on execution order
+- [ ] Complex mocks use `relaxed = true`
+- [ ] Test data is created fresh for each test
+- [ ] Mocking behavior, not value objects
+- [ ] Testing observable behavior, not implementation
+
+When tests fail mysteriously, check these gotchas first.

.claude/skills/testing-android-code/references/flow-testing-patterns.md

@@ -0,0 +1,274 @@
+# Flow Testing with Turbine
+
+Bitwarden Android uses Turbine for testing Kotlin Flows, including the critical distinction between StateFlow and EventFlow patterns.
+
+## StateFlow vs EventFlow
+
+### StateFlow (Replayed)
+
+**Characteristics:**
+- `replay = 1` - Always emits current value to new collectors
+- First `awaitItem()` returns the current/initial state
+- Survives configuration changes
+- Used for UI state that needs to be immediately available
+
+**Test Pattern:**
+```kotlin
+@Test
+fun `action should update state`() = runTest {
+    val viewModel = MyViewModel(savedStateHandle, mockRepository)
+
+    viewModel.stateFlow.test {
+        // First awaitItem() gets CURRENT state
+        assertEquals(INITIAL_STATE, awaitItem())
+
+        // Trigger action
+        viewModel.trySendAction(MyAction.LoadData)
+
+        // Next awaitItem() gets UPDATED state
+        assertEquals(LOADING_STATE, awaitItem())
+        assertEquals(SUCCESS_STATE, awaitItem())
+    }
+}
+```
+
+### EventFlow (No Replay)
+
+**Characteristics:**
+- `replay = 0` - Only emits new events after subscription
+- No initial value emission
+- One-time events (navigation, toasts, dialogs)
+- Does not survive configuration changes
+
+**Test Pattern:**
+```kotlin
+@Test
+fun `action should emit event`() = runTest {
+    val viewModel = MyViewModel(savedStateHandle, mockRepository)
+
+    viewModel.eventFlow.test {
+        // MUST call expectNoEvents() first - nothing emitted yet
+        expectNoEvents()
+
+        // Trigger action
+        viewModel.trySendAction(MyAction.Submit)
+
+        // Now expect the event
+        assertEquals(MyEvent.NavigateToNext, awaitItem())
+    }
+}
+```
+
+**Critical:** Always call `expectNoEvents()` before triggering actions on EventFlow. Forgetting this causes flaky tests.
+
+## Testing State and Events Simultaneously
+
+Use the `stateEventFlow()` helper from `BaseViewModelTest`:
+
+```kotlin
+@Test
+fun `complex action should update state and emit event`() = runTest {
+    val viewModel = MyViewModel(savedStateHandle, mockRepository)
+
+    viewModel.stateEventFlow(backgroundScope) { stateFlow, eventFlow ->
+        // Initial state
+        assertEquals(INITIAL_STATE, stateFlow.awaitItem())
+
+        // No events yet
+        eventFlow.expectNoEvents()
+
+        // Trigger action
+        viewModel.trySendAction(MyAction.ComplexAction)
+
+        // Verify state progression
+        assertEquals(LOADING_STATE, stateFlow.awaitItem())
+        assertEquals(SUCCESS_STATE, stateFlow.awaitItem())
+
+        // Verify event emission
+        assertEquals(MyEvent.ShowToast, eventFlow.awaitItem())
+    }
+}
+```
+
+## Repository Flow Testing
+
+### Testing Database Flows
+
+```kotlin
+@Test
+fun `dataFlow should emit when database updates`() = runTest {
+    val dataFlow = MutableStateFlow(initialData)
+    every { mockDiskSource.dataFlow } returns dataFlow
+
+    repository.dataFlow.test {
+        // Initial value
+        assertEquals(initialData, awaitItem())
+
+        // Update disk source
+        dataFlow.value = updatedData
+
+        // Verify emission
+        assertEquals(updatedData, awaitItem())
+    }
+}
+```
+
+### Testing Transformed Flows
+
+```kotlin
+@Test
+fun `flow transformation should map correctly`() = runTest {
+    val sourceFlow = MutableStateFlow(UserEntity(id = "1", name = "John"))
+    every { mockDao.observeUser() } returns sourceFlow
+
+    // Repository transforms entity to domain model
+    repository.userFlow.test {
+        val expectedUser = User(id = "1", name = "John")
+        assertEquals(expectedUser, awaitItem())
+    }
+}
+```
+
+## Common Patterns
+
+### Pattern 1: Testing Initial State + Action
+
+```kotlin
+@Test
+fun `load data should update from idle to loading to success`() = runTest {
+    coEvery { repository.getData() } returns "data".asSuccess()
+
+    viewModel.stateFlow.test {
+        assertEquals(DEFAULT_STATE, awaitItem())
+
+        viewModel.loadData()
+
+        assertEquals(DEFAULT_STATE.copy(loadingState = LoadingState.Loading), awaitItem())
+        assertEquals(DEFAULT_STATE.copy(loadingState = LoadingState.Success), awaitItem())
+    }
+}
+```
+
+### Pattern 2: Testing Error States
+
+```kotlin
+@Test
+fun `load data with error should emit failure state`() = runTest {
+    val error = Exception("Network error")
+    coEvery { repository.getData() } returns error.asFailure()
+
+    viewModel.stateFlow.test {
+        assertEquals(DEFAULT_STATE, awaitItem())
+
+        viewModel.loadData()
+
+        assertEquals(DEFAULT_STATE.copy(loadingState = LoadingState.Loading), awaitItem())
+        assertEquals(
+            DEFAULT_STATE.copy(loadingState = LoadingState.Error("Network error")),
+            awaitItem(),
+        )
+    }
+}
+```
+
+### Pattern 3: Testing Event Sequences
+
+```kotlin
+@Test
+fun `submit should emit validation then navigation events`() = runTest {
+    viewModel.eventFlow.test {
+        expectNoEvents()
+
+        viewModel.trySendAction(MyAction.Submit)
+
+        assertEquals(MyEvent.ShowValidation, awaitItem())
+        assertEquals(MyEvent.NavigateToNext, awaitItem())
+    }
+}
+```
+
+### Pattern 4: Testing Cancellation
+
+```kotlin
+@Test
+fun `cancelling collection should stop emissions`() = runTest {
+    val flow = flow {
+        repeat(100) {
+            emit(it)
+            delay(100)
+        }
+    }
+
+    flow.test {
+        assertEquals(0, awaitItem())
+        assertEquals(1, awaitItem())
+
+        // Cancel after 2 items
+        cancel()
+
+        // No more items received
+    }
+}
+```
+
+## Anti-Patterns
+
+### ❌ Forgetting expectNoEvents() on EventFlow
+
+```kotlin
+// WRONG
+viewModel.eventFlow.test {
+    viewModel.trySendAction(action)  // May fail - no initial expectNoEvents
+    assertEquals(event, awaitItem())
+}
+
+// CORRECT
+viewModel.eventFlow.test {
+    expectNoEvents()  // ALWAYS do this first
+    viewModel.trySendAction(action)
+    assertEquals(event, awaitItem())
+}
+```
+
+### ❌ Not Using runTest
+
+```kotlin
+// WRONG - Missing runTest
+@Test
+fun `test flow`() {
+    flow.test { /* ... */ }
+}
+
+// CORRECT
+@Test
+fun `test flow`() = runTest {
+    flow.test { /* ... */ }
+}
+```
+
+### ❌ Mixing StateFlow and EventFlow Patterns
+
+```kotlin
+// WRONG - Treating StateFlow like EventFlow
+stateFlow.test {
+    expectNoEvents()  // Unnecessary - StateFlow always has value
+    /* ... */
+}
+
+// WRONG - Treating EventFlow like StateFlow
+eventFlow.test {
+    val item = awaitItem()  // Will hang - no initial value!
+    /* ... */
+}
+```
+
+## Reference Implementations
+
+**ViewModel with StateFlow and EventFlow:**
+`app/src/test/kotlin/com/x8bit/bitwarden/ui/tools/feature/generator/GeneratorViewModelTest.kt`
+
+**Repository Flow Testing:**
+`data/src/test/kotlin/com/bitwarden/data/tools/generator/repository/GeneratorRepositoryTest.kt`
+
+**Complex Flow Transformations:**
+`data/src/test/kotlin/com/bitwarden/data/vault/repository/VaultRepositoryTest.kt`

.claude/skills/testing-android-code/references/test-base-classes.md

@@ -0,0 +1,259 @@
+# Test Base Classes Reference
+
+Bitwarden Android provides specialized base classes that configure test environments and provide helper utilities.
+
+## BaseViewModelTest
+
+**Location:** `ui/src/testFixtures/kotlin/com/bitwarden/ui/platform/base/BaseViewModelTest.kt`
+
+### Purpose
+Provides essential setup for testing ViewModels with proper coroutine dispatcher configuration and Flow testing helpers.
+
+### Automatic Configuration
+- Registers `MainDispatcherExtension` for `UnconfinedTestDispatcher`
+- Ensures deterministic coroutine execution in tests
+- All coroutines complete immediately without real delays
+
+### Key Feature: stateEventFlow() Helper
+
+**Use Case:** When you need to test both StateFlow and EventFlow simultaneously.
+
+```kotlin
+@Test
+fun `complex action should update state and emit event`() = runTest {
+    val viewModel = ExampleViewModel(savedStateHandle, mockRepository)
+
+    viewModel.stateEventFlow(backgroundScope) { stateFlow, eventFlow ->
+        // Verify initial state
+        assertEquals(INITIAL_STATE, stateFlow.awaitItem())
+
+        // No events yet
+        eventFlow.expectNoEvents()
+
+        // Trigger action
+        viewModel.trySendAction(ExampleAction.ComplexAction)
+
+        // Verify state updated
+        assertEquals(LOADING_STATE, stateFlow.awaitItem())
+
+        // Verify event emitted
+        assertEquals(ExampleEvent.ShowToast, eventFlow.awaitItem())
+    }
+}
+```
+
+### Usage Pattern
+
+```kotlin
+class MyViewModelTest : BaseViewModelTest() {
+    private val mockRepository: MyRepository = mockk()
+    private val savedStateHandle = SavedStateHandle(
+        mapOf(KEY_STATE to INITIAL_STATE)
+    )
+
+    @Test
+    fun `test action`() = runTest {
+        val viewModel = MyViewModel(
+            savedStateHandle = savedStateHandle,
+            repository = mockRepository
+        )
+
+        // Test with automatic dispatcher setup
+        viewModel.stateFlow.test {
+            assertEquals(INITIAL_STATE, awaitItem())
+        }
+    }
+}
+```
+
+## BitwardenComposeTest
+
+**Location:** `app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/base/BitwardenComposeTest.kt`
+
+### Purpose
+Pre-configured test class for Compose UI tests with all Bitwarden managers and theme setup.
+
+### Automatic Configuration
+- All Bitwarden managers pre-configured (FeatureFlags, AuthTab, Biometrics, etc.)
+- Wraps content in `BitwardenTheme` and `LocalManagerProvider`
+- Provides fixed `Clock` for deterministic time-based tests
+- Extends `BaseComposeTest` for Robolectric and dispatcher setup
+
+### Key Features
+
+**Pre-configured Managers:**
+- `FeatureFlagManager` - Controls feature flag behavior
+- `AuthTabManager` - Manages auth tab state
+- `BiometricsManager` - Handles biometric authentication
+- `ClipboardManager` - Clipboard operations
+- `NotificationManager` - Notification display
+
+**Fixed Clock:**
+All tests use a fixed clock for deterministic time-based testing:
+```kotlin
+// Tests use consistent time: 2023-10-27T12:00:00Z
+val fixedClock: Clock
+```
+
+### Usage Pattern
+
+```kotlin
+class MyScreenTest : BitwardenComposeTest() {
+    private var haveCalledNavigateBack = false
+    private val mutableEventFlow = bufferedMutableSharedFlow<MyEvent>()
+    private val mutableStateFlow = MutableStateFlow(DEFAULT_STATE)
+    private val viewModel = mockk<MyViewModel>(relaxed = true) {
+        every { eventFlow } returns mutableEventFlow
+        every { stateFlow } returns mutableStateFlow
+    }
+
+    @Before
+    fun setup() {
+        setContent {
+            MyScreen(
+                onNavigateBack = { haveCalledNavigateBack = true },
+                viewModel = viewModel
+            )
+        }
+    }
+
+    @Test
+    fun `on back click should send action`() {
+        composeTestRule.onNodeWithContentDescription("Back").performClick()
+        verify { viewModel.trySendAction(MyAction.BackClick) }
+    }
+
+    @Test
+    fun `loading state should show progress`() {
+        mutableStateFlow.value = DEFAULT_STATE.copy(isLoading = true)
+        composeTestRule.onNode(isProgressBar).assertIsDisplayed()
+    }
+}
+```
+
+### Important: bufferedMutableSharedFlow for Events
+
+In Compose tests, use `bufferedMutableSharedFlow` instead of regular `MutableSharedFlow` (default replay is 0):
+
+```kotlin
+// Correct for Compose tests
+private val mutableEventFlow = bufferedMutableSharedFlow<MyEvent>()
+
+// This allows triggering events and having the UI react
+mutableEventFlow.tryEmit(MyEvent.NavigateBack)
+```
+
+## BaseServiceTest
+
+**Location:** `network/src/testFixtures/kotlin/com/bitwarden/network/base/BaseServiceTest.kt`
+
+### Purpose
+Provides MockWebServer setup for testing API service implementations.
+
+### Automatic Configuration
+- `server: MockWebServer` - Auto-started before each test, stopped after
+- `retrofit: Retrofit` - Pre-configured with:
+  - JSON converter (kotlinx.serialization)
+  - NetworkResultCallAdapter for Result<T> responses
+  - Base URL pointing to MockWebServer
+- `json: Json` - kotlinx.serialization JSON instance
+
+### Usage Pattern
+
+```kotlin
+class MyServiceTest : BaseServiceTest() {
+    private val api: MyApi = retrofit.create()
+    private val service = MyServiceImpl(api)
+
+    @Test
+    fun `getConfig should return success when API succeeds`() = runTest {
+        // Enqueue mock response
+        server.enqueue(MockResponse().setBody(EXPECTED_JSON))
+
+        // Call service
+        val result = service.getConfig()
+
+        // Verify result
+        assertEquals(EXPECTED_RESPONSE.asSuccess(), result)
+    }
+
+    @Test
+    fun `getConfig should return failure when API fails`() = runTest {
+        // Enqueue error response
+        server.enqueue(MockResponse().setResponseCode(500))
+
+        // Call service
+        val result = service.getConfig()
+
+        // Verify failure
+        assertTrue(result.isFailure)
+    }
+}
+```
+
+### MockWebServer Patterns
+
+**Enqueue successful response:**
+```kotlin
+server.enqueue(MockResponse().setBody("""{"key": "value"}"""))
+```
+
+**Enqueue error response:**
+```kotlin
+server.enqueue(MockResponse().setResponseCode(404))
+server.enqueue(MockResponse().setResponseCode(500))
+```
+
+**Enqueue delayed response:**
+```kotlin
+server.enqueue(
+    MockResponse()
+        .setBody("""{"key": "value"}""")
+        .setBodyDelay(1000, TimeUnit.MILLISECONDS)
+)
+```
+
+**Verify request details:**
+```kotlin
+val request = server.takeRequest()
+assertEquals("/api/config", request.path)
+assertEquals("GET", request.method)
+assertEquals("Bearer token", request.getHeader("Authorization"))
+```
+
+## BaseComposeTest
+
+**Location:** `ui/src/testFixtures/kotlin/com/bitwarden/ui/platform/base/BaseComposeTest.kt`
+
+### Purpose
+Base class for Compose tests that extends `BaseRobolectricTest` and provides `setTestContent()` helper.
+
+### Features
+- Robolectric configuration for Compose
+- Proper dispatcher setup
+- `composeTestRule` for UI testing
+- `setTestContent()` helper wraps content in theme
+
+### Usage
+Typically you'll extend `BitwardenComposeTest` which extends this class. Use `BaseComposeTest` directly only for tests that don't need Bitwarden-specific manager configuration.
+
+## When to Use Each Base Class
+
+| Test Type | Base Class | Use When |
+|-----------|------------|----------|
+| ViewModel tests | `BaseViewModelTest` | Testing ViewModel state and events |
+| Compose screen tests | `BitwardenComposeTest` | Testing Compose UI with Bitwarden components |
+| API service tests | `BaseServiceTest` | Testing network layer with MockWebServer |
+| Repository tests | None (manual setup) | Testing repository logic with mocked dependencies |
+| Utility/helper tests | None (manual setup) | Testing pure functions or utilities |
+
+## Complete Examples
+
+**ViewModel Test:**
+`../examples/viewmodel-test-example.md`
+
+**Compose Screen Test:**
+`../examples/compose-screen-test-example.md`
+
+**Repository Test:**
+`../examples/repository-test-example.md`

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,27 +9,3 @@
 ## 📸 Screenshots
 
 <!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
-
-## ⏰ Reminders before review
-
-- Contributor guidelines followed
-- All formatters and local linters executed and passed
-- Written new unit and / or integration tests where applicable
-- Protected functional changes with optionality (feature flags)
-- Used internationalization (i18n) for all UI strings
-- CI builds passed
-- Communicated to DevOps any deployment requirements
-- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
-
-## 🦮 Reviewer guidelines
-
-<!-- Suggested interactions but feel free to use (or not) as you desire! -->
-
-- 👍 (`:+1:`) or similar for great changes
-- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
-- ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
-- 🎨 (`:art:`) for suggestions / improvements
-- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
-- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
-- ⛏ (`:pick:`) for minor or nitpick changes

.github/actions/setup-android-build/action.yml

@@ -8,27 +8,8 @@ inputs:
 runs:
   using: 'composite'
   steps:
-    - name: Validate Gradle wrapper
-      uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
-    - name: Cache Gradle files
-      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-      with:
-        path: |
-          ~/.gradle/caches
-          ~/.gradle/wrapper
-        key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-        restore-keys: |
-          ${{ runner.os }}-gradle-v2-
-
-    - name: Cache build output
-      uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-      with:
-        path: |
-          ${{ github.workspace }}/build-cache
-        key: ${{ runner.os }}-build-cache-${{ github.sha }}
-        restore-keys: |
-          ${{ runner.os }}-build-
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1
 
     - name: Configure Ruby
       uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
@@ -44,6 +25,5 @@ runs:
     - name: Install Fastlane
       shell: bash
       run: |
-        gem install bundler:2.2.27
         bundle config path vendor/bundle
         bundle install --jobs 4 --retry 3

.github/label-pr.json

@@ -0,0 +1,58 @@
+{
+  "title_patterns": {
+    "t:feature": ["feat", "feature", "tool"],
+    "t:bug": ["fix", "bug", "bugfix"],
+    "t:tech-debt": ["refactor", "chore", "cleanup", "revert", "debt", "test", "perf"],
+    "t:docs": ["docs"],
+    "t:ci": ["ci", "build", "chore(ci)"],
+    "t:deps": ["deps"],
+    "t:breaking-change": ["breaking", "breaking-change"],
+    "t:misc": ["misc"],
+    "t:llm": ["llm"]
+  },
+  "path_patterns": {
+    "app:shared": [
+      "annotation/",
+      "core/",
+      "data/",
+      "network/",
+      "ui/",
+      "authenticatorbridge/",
+      "gradle/"
+    ],
+    "app:password-manager": [
+      "app/",
+      "cxf/",
+      "testharness/"
+    ],
+    "app:authenticator": [
+      "authenticator/"
+    ],
+    "t:feature": [
+      "app/src/main/assets/fido2_privileged_community.json",
+      "app/src/main/assets/fido2_privileged_google.json",
+      "testharness/"
+    ],
+    "t:tech-debt": [
+      "gradle.properties",
+      "keystore/"
+    ],
+    "t:ci": [
+      ".checkmarx/",
+      ".github/",
+      "scripts/",
+      "fastlane/",
+      ".gradle/",
+      "detekt-config.yml"
+    ],
+    "t:docs": [
+      "docs/"
+    ],
+    "t:deps": [
+      "gradle/"
+    ],
+    "t:llm": [
+      ".claude/"
+    ]
+  }
+}

.github/release.yml

@@ -0,0 +1,34 @@
+changelog:
+  exclude:
+    labels:
+      - ignore-for-release
+  categories:
+    - title: '✨ Community Highlight'
+      labels:
+        - community-pr
+    - title: ':shipit: Feature Development'
+      labels:
+        - t:feature
+        - t:feature-app
+        - t:feature-tool
+        - t:new-feature
+        - t:enhancement
+    - title: '❗ Breaking Changes'
+      labels:
+        - t:breaking-change
+    - title: '🐛 Bug fixes'
+      labels:
+        - t:bug
+    - title: '⚙️ Maintenance'
+      labels:
+        - t:tech-debt
+        - t:ci
+        - t:docs
+        - t:misc
+    - title: '📦 Dependency Updates'
+      labels:
+        - dependencies
+        - t:deps
+    - title: '🎨 Other'
+      labels:
+        - '*'

.github/renovate.json

@@ -3,6 +3,7 @@
   "extends": [
     "github>bitwarden/renovate-config"
   ],
+  "ignoreDeps": ["com.bitwarden:sdk-android"],
   "enabledManagers": [
     "github-actions",
     "gradle",
@@ -19,20 +20,6 @@
         "patch"
       ]
     },
-    {
-      "groupName": "gradle minor",
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "matchManagers": [
-        "gradle"
-      ],
-      "excludePackageNames": [
-        "com.github.bumptech.glide:compose",
-        "com.bitwarden:sdk-android"
-      ]
-    },
     {
       "groupName": "kotlin",
       "description": "Kotlin and Compose dependencies that must be updated together to maintain compatibility.",

.github/scripts/gh_release_update_issues.py

@@ -0,0 +1,150 @@
+#!/usr/bin/env python3
+# Requires Python 3.9+
+"""
+Comment GitHub issues linked to Pull Requests mentioned in a given release.
+
+Usage:
+    python gh_release_update_issues.py <release_url> [--dry-run]
+
+Arguments:
+    release-url: The URL of the release to comment on
+    --dry-run: Run without actually updating issues
+
+Examples:
+    python gh_release_update_issues.py https://github.com/owner/repo/releases/tag/v1.0.0
+    python gh_release_update_issues.py https://github.com/owner/repo/releases/tag/v1.0.0 --dry-run
+"""
+
+import re
+import subprocess
+import json
+import argparse
+from collections import defaultdict
+from typing import List, Tuple, Dict
+
+def parse_release_url(release_url: str) -> Tuple[str, str, str]:
+    """Extract owner, repo name, and tag from a GitHub release URL.
+
+    Returns:
+        Tuple of (owner, repo_name, release_tag)
+    """
+    match = re.search(r'github\.com/([\w-]+)/([\w.-]+)/releases/tag/(.+)$', release_url)
+    if not match:
+        raise ValueError(f"Cannot parse release URL: {release_url}")
+    return match.group(1), match.group(2), match.group(3)
+
+def extract_pr_numbers(release_notes: str) -> List[int]:
+    return [int(n) for n in re.findall(r'/pull/(\d+)', release_notes)]
+
+def build_issue_comment(repo: str, release_name: str, release_link: str, pr_numbers: List[int]) -> str:
+    if len(pr_numbers) == 0:
+        return ""
+
+    pr_links = [f"* https://github.com/{repo}/pull/{pr_number}" for pr_number in pr_numbers]
+
+    return f":shipit: Pull Request(s) linked to this issue released in [{release_name}]({release_link}):\n\n"+ "\n".join(pr_links)
+
+def gh_fetch_release(repo: str, release_tag: str) -> Tuple[str, str]:
+    result = subprocess.run(
+        ['gh', 'release', 'view', release_tag, '--repo', repo, '--json', 'name,body'],
+        capture_output=True, text=True, check=True
+    )
+    data = json.loads(result.stdout)
+    return data['name'], data['body']
+
+def gh_comment_issue(repo: str, issue_number: int, comment: str) -> None:
+    """Use GitHub CLI to comment on an issue.
+    """
+    subprocess.run([
+        'gh', 'issue', 'comment', str(issue_number), '--body', comment, '--repo', repo
+    ], check=True)
+
+def gh_fetch_linked_issues_batched(owner: str, repo_name: str, pr_numbers: List[int]) -> Dict[int, List[int]]:
+    """Batch-fetch linked issues for all PRs in a single GraphQL call.
+
+    Returns:
+        Dict mapping each PR number to its list of linked issue numbers.
+    """
+    if not pr_numbers:
+        return {}
+
+    tmpl = 'pr_%d: pullRequest(number: %d) { closingIssuesReferences(first: 100) { nodes { number } } }'
+    pr_fragments = "\n".join(tmpl % (pr, pr) for pr in pr_numbers)
+    query = """
+    query ($owner: String!, $repo: String!) {
+        repository(owner: $owner, name: $repo) {
+            %s
+        }
+    }
+    """ % pr_fragments
+
+    try:
+        result = subprocess.run(
+            [
+                'gh', 'api', 'graphql',
+                '-F', f'owner={owner}',
+                '-F', f'repo={repo_name}',
+                '-f', f'query={query}',
+            ],
+            capture_output=True, text=True, check=True,
+        )
+        data = json.loads(result.stdout)
+        repo_data = data['data']['repository']
+
+        pr_issues_map: Dict[int, List[int]] = {}
+        for pr_number in pr_numbers:
+            nodes = repo_data.get(f'pr_{pr_number}', {}).get('closingIssuesReferences', {}).get('nodes', [])
+            pr_issues = [node['number'] for node in nodes]
+            pr_issues_map[pr_number] = pr_issues
+        return pr_issues_map
+
+    except subprocess.CalledProcessError as e:
+        print(f"::error::Error batch-fetching linked issues: {e.stderr}")
+        raise
+
+def map_issues_to_prs(pr_issues_map: Dict[int, List[int]]) -> Dict[int, List[int]]:
+    """Invert a PR->issues map into an issue->PRs map."""
+    issue_pr_map: Dict[int, List[int]] = defaultdict(list)
+    for pr_number, issue_numbers in pr_issues_map.items():
+        for issue_number in issue_numbers:
+            issue_pr_map[issue_number].append(pr_number)
+    return dict(issue_pr_map)
+
+def comment_issues(repo: str, issue_pr_map: Dict[int, List[int]], release_name: str, release_url: str, dry_run: bool) -> None:
+    for issue_number, linked_prs in issue_pr_map.items():
+        comment = build_issue_comment(repo, release_name, release_url, linked_prs)
+        print(f"{'Dry run - ' if dry_run else ''}Commenting on issue {issue_number}:\n{comment}\n")
+        if not dry_run and comment:
+            gh_comment_issue(repo, issue_number, comment)
+
+def parse_args():
+    parser = argparse.ArgumentParser(
+        description='Comment GitHub issues linked to Pull Requests mentioned in a given release.'
+    )
+    parser.add_argument(
+        'release_url',
+        help='Release URL (e.g. https://github.com/owner/repo/releases/tag/v1.0.0)'
+    )
+    parser.add_argument(
+        '--dry-run',
+        action='store_true',
+        help='Run without actually commenting issues'
+    )
+    return parser.parse_args()
+
+if __name__ == '__main__':
+    args = parse_args()
+
+    owner, repo_name, release_tag = parse_release_url(args.release_url)
+    repo = f"{owner}/{repo_name}"
+    print(f"📋 Release URL: {args.release_url}")
+
+    release_name, release_notes = gh_fetch_release(repo, release_tag)
+    print(f"📋 Release Name: {release_name}")
+
+    pr_numbers = extract_pr_numbers(release_notes)
+    print(f"📋 PR Numbers parsed from release notes: {pr_numbers}")
+    pr_issues_map = gh_fetch_linked_issues_batched(owner, repo_name, pr_numbers)
+    print(f"📋 PRs with linked issues: {[pr for pr, issues in pr_issues_map.items() if issues]}\n")
+    issue_pr_map = map_issues_to_prs(pr_issues_map)
+    comment_issues(repo, issue_pr_map, release_name, args.release_url, args.dry_run)

.github/scripts/jira-get-release-notes/README.md

@@ -40,7 +40,7 @@ Single line of release notes text
 
 ```json
 ...
-"customfield_10335": {
+"customfield_9999": {
     "type": "doc",
     "version": 1,
     "content": [
@@ -62,7 +62,7 @@ Single line of release notes text
 
 ```json
 ...
-"customfield_10335": {
+"customfield_9999": {
     "type": "doc",
     "version": 1,
     "content": [

.github/scripts/jira-get-release-notes/jira_release_notes.py

@@ -5,6 +5,8 @@ import base64
 import json
 import requests
 
+SCRIPT_NAME = "jira_release_notes.py"
+
 def extract_text_from_content(content):
     if isinstance(content, list):
         texts = [extract_text_from_content(item) for item in content]
@@ -23,19 +25,42 @@ def extract_text_from_content(content):
 
     return ''
 
-def parse_release_notes(response_json):
-    try:
-        fields = response_json.get('fields', {})
-        release_notes_field = fields.get('customfield_10335', {})
+def log_customfields_with_content(fields):
+    """Log all customfield_* fields that have a 'content' key to help troubleshoot structure changes."""
+    print(f"[{SCRIPT_NAME}] Available customfield_* fields with 'content':", file=sys.stderr)
+    found = False
+    for key, value in fields.items():
+        if key.startswith('customfield_') and isinstance(value, dict) and 'content' in value:
+            found = True
+            print(f"[{SCRIPT_NAME}]   {key}: {json.dumps(value, indent=2)}", file=sys.stderr)
+    if not found:
+        print(f"[{SCRIPT_NAME}]   None found", file=sys.stderr)
 
-        if not release_notes_field or not release_notes_field.get('content'):
+def parse_release_notes(response_json):
+    release_notes_field_name = 'customfield_10309'
+    try:
+        fields = response_json.get('fields')
+        if not fields:
+            print(f"[{SCRIPT_NAME}] 'fields' is empty or missing in response", file=sys.stderr)
             return ''
 
-        release_notes = extract_text_from_content(release_notes_field.get('content', []))
+        release_notes_field = fields.get(release_notes_field_name)
+        if not release_notes_field:
+            print(f"[{SCRIPT_NAME}] Release notes field is empty or missing. Field name: {release_notes_field_name}", file=sys.stderr)
+            log_customfields_with_content(fields)
+            return ''
+
+        content = release_notes_field.get('content', [])
+        if not content:
+            print(f"[{SCRIPT_NAME}] Release notes field was found but 'content' is empty or missing in {release_notes_field_name}", file=sys.stderr)
+            log_customfields_with_content(fields)
+            return ''
+
+        release_notes = extract_text_from_content(content)
         return release_notes
 
     except Exception as e:
-        print(f"Error parsing release notes: {str(e)}", file=sys.stderr)
+        print(f"[{SCRIPT_NAME}] Error parsing release notes: {str(e)}", file=sys.stderr)
         return ''
 
 def main():
@@ -60,7 +85,7 @@ def main():
     )
 
     if response.status_code != 200:
-        print(f"Error fetching Jira issue: {response.status_code}", file=sys.stderr)
+        print(f"[{SCRIPT_NAME}] Error fetching Jira issue ({jira_issue_id}). Status code: {response.status_code}. Msg: {response.text}", file=sys.stderr)
         sys.exit(1)
 
     release_notes = parse_release_notes(response.json())

.github/scripts/label-pr.py

@@ -0,0 +1,263 @@
+#!/usr/bin/env python3
+# Requires Python 3.9+
+"""
+Label pull requests based on changed file paths and PR title patterns (conventional commit format).
+
+Usage:
+    python label-pr.py <pr-number> <pr-labels> [-a|--add|-r|--replace] [-d|--dry-run] [-c|--config CONFIG]
+
+Arguments:
+    pr-number: The pull request number
+    pr-labels: Current PR labels as JSON array string
+    -a, --add: Add labels without removing existing ones (default)
+    -r, --replace: Replace all existing labels
+    -d, --dry-run: Run without actually applying labels
+    -c, --config: Path to JSON config file (default: .github/label-pr.json)
+
+Examples:
+    python label-pr.py 1234 '[]'
+    python label-pr.py 1234 '[{"name":"label1"}]' -a
+    python label-pr.py 1234 '[{"name":"label1"}]' --replace
+    python label-pr.py 1234 '[{"name":"label1"}]' -r -d
+    python label-pr.py 1234 '[]' --config custom-config.json
+"""
+
+import argparse
+import json
+import os
+import subprocess
+import sys
+
+DEFAULT_MODE = "add"
+DEFAULT_CONFIG_PATH = ".github/label-pr.json"
+
+def load_config_json(config_file: str) -> dict:
+    """Load configuration from JSON file."""
+    if not os.path.exists(config_file):
+        print(f"❌ Config file not found: {config_file}")
+        sys.exit(1)
+
+    try:
+        with open(config_file, 'r') as f:
+            config = json.load(f)
+            print(f"✅ Loaded config from: {config_file}")
+
+            valid_config = True
+            if not config.get("title_patterns"):
+                print("❌ Missing 'title_patterns' in config file")
+                valid_config = False
+            if not config.get("path_patterns"):
+                print("❌ Missing 'path_patterns' in config file")
+                valid_config = False
+
+            if not valid_config:
+                print("::error::Invalid label-pr.json config file, exiting...")
+                sys.exit(1)
+
+            return config
+    except json.JSONDecodeError as e:
+        print(f"❌ JSON deserialization error in label-pr.json config: {e}")
+        sys.exit(1)
+    except Exception as e:
+        print(f"❌ Unexpected error loading label-pr.json config: {e}")
+        sys.exit(1)
+
+def gh_get_changed_files(pr_number: str) -> list[str]:
+    """Get list of changed files in a pull request."""
+    try:
+        result = subprocess.run(
+            ["gh", "pr", "diff", pr_number, "--name-only"],
+            capture_output=True,
+            text=True,
+            check=True
+        )
+        changed_files = result.stdout.strip().split("\n")
+        return list(filter(None, changed_files))
+    except subprocess.CalledProcessError as e:
+        print(f"::error::Error getting changed files: {e}")
+        return []
+
+def gh_get_pr_title(pr_number: str) -> str:
+    """Get the title of a pull request."""
+    try:
+        result = subprocess.run(
+            ["gh", "pr", "view", pr_number, "--json", "title", "--jq", ".title"],
+            capture_output=True,
+            text=True,
+            check=True
+        )
+        return result.stdout.strip()
+    except subprocess.CalledProcessError as e:
+        print(f"::error::Error getting PR title: {e}")
+        return ""
+
+def gh_add_labels(pr_number: str, labels: list[str]) -> None:
+    """Add labels to a pull request (doesn't remove existing labels)."""
+    gh_labels = ','.join(labels)
+    subprocess.run(
+        ["gh", "pr", "edit", pr_number, "--add-label", gh_labels],
+        check=True
+    )
+
+def gh_replace_labels(pr_number: str, labels: list[str]) -> None:
+    """Replace all labels on a pull request with the specified labels."""
+    payload = json.dumps({"labels": labels})
+    subprocess.run(
+        ["gh", "api", "repos/{owner}/{repo}/issues/" + pr_number, "-X", "PATCH", "--silent", "--input", "-"],
+        input=payload,
+        text=True,
+        check=True
+    )
+
+def label_filepaths(changed_files: list[str], path_patterns: dict) -> list[str]:
+    """Check changed files against path patterns and return labels to apply."""
+    if not changed_files:
+        return []
+
+    labels_to_apply = set()  # Use set to avoid duplicates
+
+    for label, patterns in path_patterns.items():
+        for file in changed_files:
+            if any(file.startswith(pattern) for pattern in patterns):
+                print(f"👀 File '{file}' matches pattern for label '{label}'")
+                labels_to_apply.add(label)
+                break
+
+    if "app:shared" in labels_to_apply:
+        labels_to_apply.add("app:password-manager")
+        labels_to_apply.add("app:authenticator")
+        labels_to_apply.remove("app:shared")
+
+    if not labels_to_apply:
+        print("::notice::No matching file paths found.")
+
+    return list(labels_to_apply)
+
+def label_title(pr_title: str, title_patterns: dict) -> list[str]:
+    """Check PR title against patterns and return labels to apply."""
+    if not pr_title:
+        return []
+
+    labels_to_apply = set()
+    title_lower = pr_title.lower()
+    for label, patterns in title_patterns.items():
+        for pattern in patterns:
+            # Check for pattern with : or ( suffix (conventional commits format)
+            if f"{pattern}:" in title_lower or f"{pattern}(" in title_lower:
+                print(f"📝 Title matches pattern '{pattern}' for label '{label}'")
+                labels_to_apply.add(label)
+                break
+
+    if not labels_to_apply:
+        print("::notice::No matching title patterns found.")
+
+    return list(labels_to_apply)
+
+def parse_pr_labels(pr_labels_str: str) -> list[str]:
+    """Parse PR labels from JSON array string."""
+    try:
+        labels = json.loads(pr_labels_str)
+        if not isinstance(labels, list):
+            print("::warning::Failed to parse PR labels: not a list")
+            return []
+        return [item.get("name") for item in labels if item.get("name")]
+    except (json.JSONDecodeError, TypeError) as e:
+        print(f"::error::Error parsing PR labels: {e}")
+        return []
+
+def get_preserved_labels(pr_labels_str: str) -> list[str]:
+    """Get existing PR labels that should be preserved (exclude app: and t: labels)."""
+    existing_labels = parse_pr_labels(pr_labels_str)
+    print(f"🔍 Parsed PR labels: {existing_labels}")
+    preserved_labels = [label for label in existing_labels if not (label.startswith("app:") or label.startswith("t:"))]
+    if preserved_labels:
+        print(f"🔍 Preserving existing labels: {', '.join(preserved_labels)}")
+    return preserved_labels
+
+def parse_args():
+    """Parse command line arguments."""
+    parser = argparse.ArgumentParser(
+        description="Label pull requests based on changed file paths and PR title patterns."
+    )
+    parser.add_argument(
+        "pr_number",
+        help="The pull request number"
+    )
+
+    parser.add_argument(
+        "pr_labels",
+        help="Current PR labels (JSON array)"
+    )
+
+    mode_group = parser.add_mutually_exclusive_group()
+    mode_group.add_argument(
+        "-a", "--add",
+        action="store_true",
+        help="Add labels without removing existing ones (default)"
+    )
+    mode_group.add_argument(
+        "-r", "--replace",
+        action="store_true",
+        help="Replace all existing labels"
+    )
+
+    parser.add_argument(
+        "-d", "--dry-run",
+        action="store_true",
+        help="Run without actually applying labels"
+    )
+
+    parser.add_argument(
+        "-c", "--config",
+        default=DEFAULT_CONFIG_PATH,
+        help=f"Path to JSON config file (default: {DEFAULT_CONFIG_PATH})"
+    )
+    args, unknown = parser.parse_known_args() # required to handle --dry-run passed as an empty string ("") by the workflow
+    return args
+
+def main():
+    args = parse_args()
+    config = load_config_json(args.config)
+    LABEL_TITLE_PATTERNS = config["title_patterns"]
+    LABEL_PATH_PATTERNS = config["path_patterns"]
+
+    pr_number = args.pr_number
+    mode = "replace" if args.replace else "add"
+
+    if args.dry_run:
+        print("🔍 DRY RUN MODE - Labels will not be applied")
+    print(f"📌 Labeling mode: {mode}")
+    print(f"🔍 Checking PR #{pr_number}...")
+
+    pr_title = gh_get_pr_title(pr_number)
+    print(f"📋 PR Title: {pr_title}\n")
+
+    changed_files = gh_get_changed_files(pr_number)
+    print("👀 Changed files:\n" + "\n".join(changed_files) + "\n")
+
+    filepath_labels = label_filepaths(changed_files, LABEL_PATH_PATTERNS)
+    title_labels = label_title(pr_title, LABEL_TITLE_PATTERNS)
+    all_labels = set(filepath_labels + title_labels)
+
+    if all_labels:
+        print("--------------------------------")
+        labels_str = ', '.join(sorted(all_labels))
+        if mode == "add":
+            print(f"::notice::🏷️ Adding labels: {labels_str}")
+            if not args.dry_run:
+                gh_add_labels(pr_number, list(all_labels))
+        else:
+            preserved_labels = get_preserved_labels(args.pr_labels)
+            if preserved_labels:
+                all_labels.update(preserved_labels)
+                labels_str = ', '.join(sorted(all_labels))
+            print(f"::notice::🏷️ Replacing labels with: {labels_str}")
+            if not args.dry_run:
+                gh_replace_labels(pr_number, list(all_labels))
+    else:
+        print("::warning::No matching patterns found, no labels applied.")
+
+    print("✅ Done")
+
+if __name__ == "__main__":
+    main()

.github/scripts/set-build-version.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Runs fastlane setBuildVersionInfo and appends Version Name/Number to GITHUB_STEP_SUMMARY.
+# Usage: set-build-version.sh <version_code> [version_name] [toml_path]
+
+VERSION_CODE="${1:?Usage: $0 <version_code> [version_name] [toml_path]}"
+VERSION_NAME="${2:-}"
+TOML_FILE="${3:-gradle/libs.versions.toml}"
+
+bundle exec fastlane setBuildVersionInfo \
+  versionCode:"$VERSION_CODE" \
+  versionName:"$VERSION_NAME"
+
+if [ -n "${GITHUB_STEP_SUMMARY:-}" ]; then
+    VERSION_NAME=""
+    regex='appVersionName = "([^"]+)"'
+    if [[ "$(cat "$TOML_FILE")" =~ $regex ]]; then
+        VERSION_NAME="${BASH_REMATCH[1]}"
+    fi
+    echo "Version Name: ${VERSION_NAME}" >> "$GITHUB_STEP_SUMMARY"
+    echo "Version Number: $VERSION_CODE" >> "$GITHUB_STEP_SUMMARY"
+fi

.github/workflows/_version.yml

@@ -79,7 +79,7 @@ jobs:
 
       - name: Check out repository
         if: ${{ !inputs.skip_checkout || false }}
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -167,7 +167,7 @@ jobs:
           echo '```' >> "$GITHUB_STEP_SUMMARY"
 
       - name: Upload version info artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: version-info
           path: version_info.json

.github/workflows/build-authenticator.yml

@@ -21,17 +21,18 @@ on:
       distribute-to-firebase:
         description: "Optional. Distribute artifacts to Firebase."
         required: false
-        default: false
+        default: true
         type: boolean
       publish-to-play-store:
         description: "Optional. Deploy bundle artifact to Google Play Store"
         required: false
-        default: false
+        default: true
         type: boolean
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 21
+  DISTRIBUTE_TO_FIREBASE: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+  PUBLISH_TO_PLAY_STORE: ${{ inputs.publish-to-play-store || github.event_name == 'push' }}
 
 permissions:
   contents: read
@@ -48,71 +49,10 @@ jobs:
       version_number: ${{ inputs.version-code }}
       patch_version: ${{ inputs.patch_version && '999' || '' }}
 
-  build:
-    name: Build Authenticator
-    runs-on: ubuntu-24.04
-
-    steps:
-      - name: Log inputs to job summary
-        uses: bitwarden/android/.github/actions/log-inputs@main
-        with:
-          inputs: "${{ toJson(inputs) }}"
-
-      - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
-      - name: Cache Gradle files
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Check Authenticator
-        run: bundle exec fastlane check
-
-      - name: Build Authenticator
-        run: bundle exec fastlane buildAuthenticatorDebug
-
   publish_playstore:
     name: Publish Authenticator Play Store artifacts
     needs:
       - version
-      - build
     runs-on: ubuntu-24.04
     permissions:
       id-token: write
@@ -123,21 +63,10 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
       - name: Log in to Azure
         uses: bitwarden/gh-actions/azure-login@main
         with:
@@ -173,7 +102,7 @@ jobs:
           --name com.bitwarden.authenticator.dev-google-services.json --file ${{ github.workspace }}/authenticator/src/debug/google-services.json --output none
 
       - name: Download Firebase credentials
-        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -184,7 +113,7 @@ jobs:
           --name authenticator_play_firebase-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json --output none
 
       - name: Download Play Store credentials
-        if: ${{ inputs.publish-to-play-store }}
+        if: ${{ env.PUBLISH_TO_PLAY_STORE }}
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -197,40 +126,15 @@ jobs:
       - name: AZ Logout
         uses: bitwarden/gh-actions/azure-logout@main
 
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
+
       - name: Verify Play Store credentials
-        if: ${{ inputs.publish-to-play-store }}
+        if: ${{ env.PUBLISH_TO_PLAY_STORE }}
         run: |
           bundle exec fastlane run validate_play_store_json_key \
           json_key:"${{ github.workspace }}/secrets/authenticator_play_store-creds.json"
 
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
-      - name: Cache Gradle files
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
       - name: Update app CI Build info
         run: |
           ./scripts/update_app_ci_build_info.sh \
@@ -242,22 +146,9 @@ jobs:
 
       - name: Increment version
         env:
-          DEFAULT_VERSION_CODE: ${{ github.run_number }}
-          INPUT_VERSION_CODE: "${{ needs.version.outputs.version_number }}"
-          INPUT_VERSION_NAME: ${{ needs.version.outputs.version_name }}
-        run: |
-          VERSION_CODE="${INPUT_VERSION_CODE:-$DEFAULT_VERSION_CODE}"
-          VERSION_NAME_INPUT="${INPUT_VERSION_NAME:-}"
-          bundle exec fastlane setBuildVersionInfo \
-          versionCode:"$VERSION_CODE" \
-          versionName:"$VERSION_NAME_INPUT"
-
-          regex='appVersionName = "([^"]+)"'
-          if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
-            VERSION_NAME="${BASH_REMATCH[1]}"
-          fi
-          echo "Version Name: ${VERSION_NAME}" >> "$GITHUB_STEP_SUMMARY"
-          echo "Version Number: $VERSION_CODE" >> "$GITHUB_STEP_SUMMARY"
+          VERSION_CODE: ${{ needs.version.outputs.version_number || github.run_number }}
+          VERSION_NAME: ${{ needs.version.outputs.version_name }}
+        run: ./.github/scripts/set-build-version.sh "$VERSION_CODE" "$VERSION_NAME"
 
       - name: Generate release Play Store bundle
         if: ${{ matrix.variant == 'aab' }}
@@ -283,17 +174,17 @@ jobs:
           keyAlias:"bitwardenauthenticator" \
           keyPassword:"$KEY_PASSWORD"
 
-      - name: Upload release Play Store .aab artifact
+      - name: Upload to GitHub Artifacts - prod.aab
         if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.bitwarden.authenticator.aab
           path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
           if-no-files-found: error
 
-      - name: Upload release .apk artifact
+      - name: Upload to GitHub Artifacts - prod.apk
         if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.bitwarden.authenticator.apk
           path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
@@ -311,38 +202,36 @@ jobs:
           sha256sum "authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk" \
             > ./authenticator-android-apk-sha256.txt
 
-      - name: Upload .apk SHA file for release
+      - name: Upload to GitHub Artifacts - prod.apk-sha256.txt
         if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: authenticator-android-apk-sha256.txt
           path: ./authenticator-android-apk-sha256.txt
           if-no-files-found: error
 
-      - name: Upload .aab SHA file for release
+      - name: Upload to GitHub Artifacts - prod.aab-sha256.txt
         if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: authenticator-android-aab-sha256.txt
           path: ./authenticator-android-aab-sha256.txt
           if-no-files-found: error
 
       - name: Install Firebase app distribution plugin
-        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        if: ${{ matrix.variant == 'aab' && env.DISTRIBUTE_TO_FIREBASE }}
         run: bundle exec fastlane add_plugin firebase_app_distribution
 
-      - name: Publish release bundle to Firebase
-        if: ${{ matrix.variant == 'aab' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+      - name: Distribute to Firebase - prod.aab
+        if: ${{ matrix.variant == 'aab' && env.DISTRIBUTE_TO_FIREBASE }}
         env:
           FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
         run: |
           bundle exec fastlane distributeAuthenticatorReleaseBundleToFirebase \
           serviceCredentialsFile:"$FIREBASE_CREDS_PATH"
 
-      # Only publish bundles to Play Store when `publish-to-play-store` is true while building
-      # bundles
-      - name: Publish release bundle to Google Play Store
-        if: ${{ inputs.publish-to-play-store && matrix.variant == 'aab' }}
+      - name: Publish to Play Store - prod.aab
+        if: ${{ matrix.variant == 'aab' && env.PUBLISH_TO_PLAY_STORE }}
         env:
           PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_store-creds.json
         run: |

.github/workflows/build-testharness.yml

@@ -0,0 +1,84 @@
+name: Build Test Harness
+
+on:
+  push:
+    paths:
+      - testharness/**
+  workflow_dispatch:
+    inputs:
+      version-name:
+        description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
+        required: false
+        type: string
+      version-code:
+        description: "Optional. Build number to use. Overrides default of GitHub run number."
+        required: false
+        type: number
+      patch_version:
+        description: "Order 999 - Overrides Patch version"
+        type: boolean
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  version:
+    name: Calculate Version Name and Number
+    uses: bitwarden/android/.github/workflows/_version.yml@main
+    with:
+      app_codename: "bwpm"
+      base_version_number: 0
+      version_name: ${{ inputs.version-name }}
+      version_number: ${{ inputs.version-code }}
+      patch_version: ${{ inputs.patch_version && '999' || '' }}
+
+  build:
+    name: Build Test Harness
+    runs-on: ubuntu-24.04
+    needs: version
+
+    steps:
+      - name: Log inputs to job summary
+        uses: bitwarden/android/.github/actions/log-inputs@main
+        with:
+          inputs: "${{ toJson(inputs) }}"
+
+      - name: Check out repo
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
+
+      - name: Increment version
+        env:
+          VERSION_CODE: ${{ needs.version.outputs.version_number || github.run_number }}
+          VERSION_NAME: ${{ needs.version.outputs.version_name }}
+        run: ./.github/scripts/set-build-version.sh "$VERSION_CODE" "$VERSION_NAME"
+
+      - name: Build Test Harness Debug APK
+        run: ./gradlew :testharness:assembleDebug
+
+      - name: Upload Test Harness APK
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: com.bitwarden.testharness.dev-debug.apk
+          path: testharness/build/outputs/apk/debug/com.bitwarden.testharness.dev.apk
+          if-no-files-found: error
+
+      - name: Create checksum for Test Harness APK
+        run: |
+          sha256sum "testharness/build/outputs/apk/debug/com.bitwarden.testharness.dev.apk" \
+            > ./com.bitwarden.testharness.dev.apk-sha256.txt
+
+      - name: Upload Test Harness SHA file
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: com.bitwarden.testharness.dev.apk-sha256.txt
+          path: ./com.bitwarden.testharness.dev.apk-sha256.txt
+          if-no-files-found: error

.github/workflows/build.yml

@@ -31,8 +31,9 @@ on:
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 21
   GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+  DISTRIBUTE_TO_FIREBASE: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+  PUBLISH_TO_PLAY_STORE: ${{ inputs.publish-to-play-store || github.event_name == 'push' }}
 
 permissions:
   contents: read
@@ -50,78 +51,10 @@ jobs:
       version_number: ${{ inputs.version-code }}
       patch_version: ${{ inputs.patch_version && '999' || '' }}
 
-  build:
-    name: Build
-    runs-on: ubuntu-24.04
-
-    steps:
-      - name: Log inputs to job summary
-        uses: bitwarden/android/.github/actions/log-inputs@main
-        with:
-          inputs: "${{ toJson(inputs) }}"
-
-      - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
-      - name: Cache Gradle files
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Check
-        run: bundle exec fastlane check
-
-      - name: Build
-        run: bundle exec fastlane assembleDebugApks
-
-      - name: Upload test reports on failure
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
-        if: failure()
-        with:
-          name: test-reports
-          path: app/build/reports/tests/
-
   publish_playstore:
     name: Publish Play Store artifacts
     needs:
       - version
-      - build
     runs-on: ubuntu-24.04
     permissions:
       id-token: write
@@ -132,21 +65,10 @@ jobs:
         artifact: ["apk", "aab"]
     steps:
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
       - name: Log in to Azure
         uses: bitwarden/gh-actions/azure-login@main
         with:
@@ -186,7 +108,7 @@ jobs:
           --name google-services.json --file ${{ github.workspace }}/app/src/standardBeta/google-services.json --output none
 
       - name: Download Firebase credentials
-        if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+        if: ${{ matrix.variant == 'prod' && env.DISTRIBUTE_TO_FIREBASE }}
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -199,33 +121,8 @@ jobs:
       - name: Log out from Azure
         uses: bitwarden/gh-actions/azure-logout@main
 
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
-      - name: Cache Gradle files
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
 
       - name: Update app CI Build info
         run: |
@@ -238,13 +135,9 @@ jobs:
 
       - name: Increment version
         env:
-          VERSION_CODE: ${{ needs.version.outputs.version_number }}
+          VERSION_CODE: ${{ needs.version.outputs.version_number || github.run_number }}
           VERSION_NAME: ${{ needs.version.outputs.version_name }}
-        run: |
-          VERSION_CODE="${VERSION_CODE:-$GITHUB_RUN_NUMBER}"
-          bundle exec fastlane setBuildVersionInfo \
-          versionCode:$VERSION_CODE \
-          versionName:$VERSION_NAME
+        run: ./.github/scripts/set-build-version.sh "$VERSION_CODE" "$VERSION_NAME"
 
       - name: Generate release Play Store bundle
         if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' }}
@@ -297,42 +190,42 @@ jobs:
         run: |
           bundle exec fastlane assembleDebugApks
 
-      - name: Upload release Play Store .aab artifact
+      - name: Upload to GitHub Artifacts - prod.aab
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.aab
           path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
           if-no-files-found: error
 
-      - name: Upload beta Play Store .aab artifact
+      - name: Upload to GitHub Artifacts - beta.aab
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.beta.aab
           path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
           if-no-files-found: error
 
-      - name: Upload release .apk artifact
+      - name: Upload to GitHub Artifacts - prod.apk
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.apk
           path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
           if-no-files-found: error
 
-      - name: Upload beta .apk artifact
+      - name: Upload to GitHub Artifacts - beta.apk
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.beta.apk
           path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
           if-no-files-found: error
 
       # When building variants other than 'prod'
-      - name: Upload debug .apk artifact
+      - name: Upload to GitHub Artifacts - dev.apk
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
           path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
@@ -368,52 +261,52 @@ jobs:
           sha256sum "app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk" \
            > ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
 
-      - name: Upload .apk SHA file for release
+      - name: Upload to GitHub Artifacts - prod.apk-sha256.txt
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.apk-sha256.txt
           path: ./com.x8bit.bitwarden.apk-sha256.txt
           if-no-files-found: error
 
-      - name: Upload .apk SHA file for beta
+      - name: Upload to GitHub Artifacts - beta.apk-sha256.txt
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.beta.apk-sha256.txt
           path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
           if-no-files-found: error
 
-      - name: Upload .aab SHA file for release
+      - name: Upload to GitHub Artifacts - prod.aab-sha256.txt
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.aab-sha256.txt
           path: ./com.x8bit.bitwarden.aab-sha256.txt
           if-no-files-found: error
 
-      - name: Upload .aab SHA file for beta
+      - name: Upload to GitHub Artifacts - beta.aab-sha256.txt
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.beta.aab-sha256.txt
           path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
           if-no-files-found: error
 
-      - name: Upload .apk SHA file for debug
+      - name: Upload to GitHub Artifacts - debug.apk-sha256.txt
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
           path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
           if-no-files-found: error
 
       - name: Install Firebase app distribution plugin
-        if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && env.DISTRIBUTE_TO_FIREBASE }}
         run: bundle exec fastlane add_plugin firebase_app_distribution
 
-      - name: Publish release artifacts to Firebase
-        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+      - name: Distribute to Firebase - prod.apk
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && env.DISTRIBUTE_TO_FIREBASE }}
         env:
           APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
         run: |
@@ -421,8 +314,8 @@ jobs:
           actionUrl:$GITHUB_ACTION_RUN_URL \
           service_credentials_file:$APP_PLAY_FIREBASE_CREDS_PATH
 
-      - name: Publish beta artifacts to Firebase
-        if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+      - name: Distribute to Firebase - beta.apk
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && env.DISTRIBUTE_TO_FIREBASE }}
         env:
           APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
         run: |
@@ -431,12 +324,12 @@ jobs:
           service_credentials_file:$APP_PLAY_FIREBASE_CREDS_PATH
 
       - name: Verify Play Store credentials
-        if: ${{ matrix.variant == 'prod' && inputs.publish-to-play-store }}
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && env.PUBLISH_TO_PLAY_STORE }}
         run: |
           bundle exec fastlane run validate_play_store_json_key
 
-      - name: Publish Play Store bundle
-        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.event_name == 'push') }}
+      - name: Publish to Play Store - prod.aab
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && env.PUBLISH_TO_PLAY_STORE }}
         run: |
           bundle exec fastlane publishProdToPlayStore
           bundle exec fastlane publishBetaToPlayStore
@@ -445,27 +338,15 @@ jobs:
     name: Publish F-Droid artifacts
     needs:
       - version
-      - build
     runs-on: ubuntu-24.04
     permissions:
       id-token: write
     steps:
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
       - name: Log in to Azure
         uses: bitwarden/gh-actions/azure-login@main
         with:
@@ -491,7 +372,7 @@ jobs:
           --name app_beta_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_fdroid-keystore.jks --output none
 
       - name: Download Firebase credentials
-        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
         env:
           ACCOUNT_NAME: bitwardenci
           CONTAINER_NAME: mobile
@@ -504,33 +385,8 @@ jobs:
       - name: Log out from Azure
         uses: bitwarden/gh-actions/azure-logout@main
 
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
-      - name: Cache Gradle files
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
 
       - name: Update app CI Build info
         run: |
@@ -543,20 +399,9 @@ jobs:
 
       - name: Increment version
         env:
-          VERSION_CODE: ${{ needs.version.outputs.version_number }}
+          VERSION_CODE: ${{ needs.version.outputs.version_number || github.run_number }}
           VERSION_NAME: ${{ needs.version.outputs.version_name }}
-        run: |
-          VERSION_CODE="${VERSION_CODE:-$GITHUB_RUN_NUMBER}"
-          bundle exec fastlane setBuildVersionInfo \
-          versionCode:$VERSION_CODE \
-          versionName:$VERSION_NAME
-
-          regex='appVersionName = "([^"]+)"'
-          if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
-            VERSION_NAME="${BASH_REMATCH[1]}"
-          fi
-          echo "Version Name: ${VERSION_NAME}" >> "$GITHUB_STEP_SUMMARY"
-          echo "Version Number: $VERSION_CODE" >> "$GITHUB_STEP_SUMMARY"
+        run: ./.github/scripts/set-build-version.sh "$VERSION_CODE" "$VERSION_NAME"
       - name: Generate F-Droid artifacts
         env:
           FDROID_STORE_PASSWORD: ${{ steps.get-kv-secrets.outputs.FDROID-KEYSTORE-PASSWORD }}
@@ -578,8 +423,8 @@ jobs:
           keyAlias:bitwarden-beta \
           keyPassword:$FDROID_BETA_KEY_PASSWORD
 
-      - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - name: Upload to GitHub Artifacts - fdroid.apk
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden-fdroid.apk
           path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
@@ -590,15 +435,15 @@ jobs:
           sha256sum "app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk" \
           > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
 
-      - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - name: Upload to GitHub Artifacts - fdroid.apk-sha256.txt
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
           path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
           if-no-files-found: error
 
-      - name: Upload F-Droid Beta .apk artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - name: Upload to GitHub Artifacts - beta.fdroid.apk
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.beta-fdroid.apk
           path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
@@ -609,19 +454,19 @@ jobs:
           sha256sum "app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk" \
           > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
 
-      - name: Upload F-Droid Beta SHA file
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - name: Upload to GitHub Artifacts - beta.fdroid.apk-sha256.txt
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
           path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
           if-no-files-found: error
 
       - name: Install Firebase app distribution plugin
-        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+        if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
         run: bundle exec fastlane add_plugin firebase_app_distribution
 
-      - name: Publish release F-Droid artifacts to Firebase
-        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
+      - name: Distribute to Firebase - fdroid.apk
+        if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
         env:
           APP_FDROID_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json
         run: |

.github/workflows/cron-sync-google-priviledged-browsers.yml

@@ -2,8 +2,8 @@ name: Cron / Sync Google Privileged Browsers List
 
 on:
   schedule:
-    # Run weekly on Monday at 00:00 UTC
-    - cron: "0 0 * * 1"
+    # Run weekly on Sunday at 00:00 UTC
+    - cron: '0 0 * * 0'
   workflow_dispatch:
 
 env:
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: true
 
@@ -96,4 +96,4 @@ jobs:
             --base main \
             --head "$BRANCH_NAME" \
             --label "automated-pr" \
-            --label "t:ci"
+            --label "t:deps"

.github/workflows/crowdin-pull.yml

@@ -4,19 +4,21 @@ run-name: Crowdin Pull - ${{ github.event_name == 'workflow_dispatch' && 'Manual
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 0 * * 5"
+    # Run weekly on Sunday at 00:00 UTC
+    - cron: '0 0 * * 0'
+    
+permissions: {}
 
 jobs:
   crowdin-sync:
     name: Crowdin Pull - ${{ github.event_name }}
     runs-on: ubuntu-24.04
     permissions:
-      contents: write
-      pull-requests: write
+      contents: read
       id-token: write
     steps:
       - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -50,6 +52,8 @@ jobs:
         with:
           app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
           private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          permission-contents: write      # for creating and pushing a new branch
+          permission-pull-requests: write # for creating pull request
 
       - name: Download translations
         uses: crowdin/github-action@0749939f635900a2521aa6aac7a3766642b2dc71 # v2.11.0
@@ -69,5 +73,6 @@ jobs:
           create_pull_request: true
           pull_request_title: "Crowdin Pull"
           pull_request_body: ":inbox_tray: New translations received!"
+          pull_request_labels: "automated-pr, t:misc"
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

.github/workflows/crowdin-push.yml

@@ -16,7 +16,7 @@ jobs:
       id-token: write
     steps:
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 

.github/workflows/github-release.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Check out repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
           persist-credentials: true
@@ -183,11 +183,15 @@ jobs:
           _JIRA_API_EMAIL: ${{ steps.get-kv-secrets.outputs.JIRA-API-EMAIL }}
           _JIRA_API_TOKEN: ${{ steps.get-kv-secrets.outputs.JIRA-API-TOKEN }}
         run: |
-          echo "Getting product release notes"
-          product_release_notes=$(python3 .github/scripts/jira-get-release-notes/jira_release_notes.py "$_RELEASE_TICKET_ID" "$_JIRA_API_EMAIL" "$_JIRA_API_TOKEN")
+          echo "Getting product release notes..."
+          # capture output and exit code so this step continues even if we can't retrieve release notes.
+          script_exit_code=0
+          product_release_notes=$(python .github/scripts/jira-get-release-notes/jira_release_notes.py "$_RELEASE_TICKET_ID" "$_JIRA_API_EMAIL" "$_JIRA_API_TOKEN") || script_exit_code=$?
+          echo "--------------------------------"
 
-          if [[ -z "$product_release_notes" || $product_release_notes == "Error checking"* ]]; then
-            echo "::warning::Failed to fetch release notes from Jira. Output: $product_release_notes"
+          if [[ $script_exit_code -ne 0 || -z "$product_release_notes" ]]; then
+            echo "Script Output: $product_release_notes"
+            echo "::warning::Failed to fetch release notes from Jira. Check script logs for more details."
             product_release_notes="<insert product release notes here>"
           else
             echo "✅ Product release notes:"
@@ -285,5 +289,5 @@ jobs:
             echo " * :ocean: Previous tag set in the description \"Full Changelog\" link: \`$_LAST_RELEASE_TAG\`"
             echo " * :white_check_mark: Description has automated release notes and they match the commits in the release branch"
             echo "> [!NOTE]"
-            echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes." 
+            echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes."
           } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/publish-github-release-bwa.yml

@@ -18,6 +18,7 @@ jobs:
       workflow_name: "publish-github-release-bwa.yml"
       credentials_filename: "authenticator_play_store-creds.json"
       project_type: android
+      make_latest: false
       check_release_command: >
         bundle exec fastlane getLatestPlayStoreVersion package_name:com.bitwarden.authenticator track:production
     secrets: inherit

.github/workflows/publish-github-release-bwpm.yml

@@ -19,6 +19,7 @@ jobs:
       workflow_name: "publish-github-release-bwpm.yml"
       credentials_filename: "play_creds.json"
       project_type: android
+      make_latest: true
       check_release_command: >
         bundle exec fastlane getLatestPlayStoreVersion package_name:com.x8bit.bitwarden track:production
     secrets: inherit

.github/workflows/publish-store.yml

@@ -73,7 +73,7 @@ jobs:
           inputs: "${{ toJson(inputs) }}"
 
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
       - name: Configure Ruby
@@ -83,7 +83,6 @@ jobs:
 
       - name: Install Fastlane
         run: |
-          gem install bundler:2.2.27
           bundle config path vendor/bundle
           bundle install --jobs 4 --retry 3
 

.github/workflows/release-branch.yml

@@ -22,7 +22,7 @@ jobs:
       actions: write
     steps:
       - name: Check out repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
           persist-credentials: true

.github/workflows/review-code.yml

@@ -2,7 +2,7 @@ name: Code Review
 
 on:
   pull_request:
-    types: [opened, synchronize, reopened, ready_for_review]
+    types: [opened, synchronize, reopened]
 
 permissions: {}
 

.github/workflows/sdlc-enforce-labels.yml

@@ -0,0 +1,64 @@
+name: SDLC / Enforce PR labels
+run-name: Enforce labels for PR ${{ github.event.pull_request.number }}
+
+on:
+  pull_request:
+    types: [labeled, unlabeled, opened, reopened, edited, synchronize]
+
+permissions: {}
+
+jobs:
+  enforce-label:
+    name: Enforce Label
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: read
+    steps:
+      - name: Enforce banned labels (e.g. hold, needs-qa)
+        env:
+          _HOLD_LABEL: ${{ contains(github.event.pull_request.labels.*.name, 'hold') }}
+          _NEEDS_QA_LABEL: ${{ contains(github.event.pull_request.labels.*.name, 'needs-qa') }}
+        run: |
+          if [ "$_HOLD_LABEL" = "true" ]; then
+            echo "::error::PR has banned label: hold"
+            exit 1
+          fi
+          if [ "$_NEEDS_QA_LABEL" = "true" ]; then
+            echo "::error::PR has banned label: needs-qa"
+            exit 1
+          fi
+          echo "✅ No banned labels found."
+
+      - name: Enforce exactly one Change Type (t:*) label
+        env:
+          _PR_ACTION: ${{ github.event.action }}
+          _PR_LABELS: ${{ toJSON(github.event.pull_request.labels) }}
+          _REPO: ${{ github.repository }}
+          _PR_NUMBER: ${{ github.event.pull_request.number }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if [ "$_PR_ACTION" = "opened" ] || [ "$_PR_ACTION" = "reopened" ]; then
+            echo "⏳ Waiting 15s for labeler to run..."
+            sleep 15
+            _PR_LABELS=$(gh api "repos/$_REPO/pulls/$_PR_NUMBER" --jq '.labels')
+            echo "Labels fetched from PR: $_PR_LABELS"
+          fi
+          _IGNORE_FOR_RELEASE_LABEL=$(echo "$_PR_LABELS" | jq 'any(.[]; .name == "ignore-for-release")')
+          if [ "$_IGNORE_FOR_RELEASE_LABEL" = "true" ]; then
+            echo "⏭️ Skipping type label check - 'ignore-for-release' label present"
+            exit 0
+          fi
+          _T_LABEL_COUNT=$(echo "$_PR_LABELS" | jq '[.[] | select(.name | startswith("t:"))] | length')
+          case "$_T_LABEL_COUNT" in
+            1)
+              echo "✅ PR has exactly one Change Type (t:*) label"
+              ;;
+            0)
+              echo "::error::PR is missing a Change Type (t:*) label. PRs must have exactly one Change Type (t:*) label"
+              exit 1
+              ;;
+            *)
+              echo "::error::PR has $_T_LABEL_COUNT Change Type (t:*) labels. PRs must have exactly one Change Type (t:*) label"
+              exit 1
+              ;;
+          esac

.github/workflows/sdlc-gh-release-update-issue.yml

@@ -0,0 +1,37 @@
+name: SDLC / Update Linked Issues on Release
+run-name: ${{ inputs.dry-run && '(Dry Run) ' || '' }}Update Linked Issues on Release - ${{ github.event.release.name || inputs.release_url }}
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      release_url:
+        description: 'Release URL (e.g. https://github.com/owner/repo/releases/tag/v1.0.0)'
+        required: true
+      dry-run:
+        description: 'Dry run'
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  update-linked-issues:
+    name: Update Linked Issues
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Update Linked Issues
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          _RELEASE_URL: ${{ github.event.release.html_url || inputs.release_url }}
+          _DRY_RUN: ${{ inputs.dry-run && '--dry-run' || '' }}
+        run: |
+          python3 .github/scripts/gh_release_update_issues.py "$_RELEASE_URL" $_DRY_RUN

.github/workflows/sdlc-label-pr.yml

@@ -0,0 +1,90 @@
+name: SDLC / Label PR
+run-name: Label PR ${{ github.event.pull_request.number || inputs.pr-number }}${{ github.event_name == 'workflow_dispatch' && format(' / mode "{0}" dry-run "{1}"', inputs.mode, inputs.dry-run) || '' }}
+on:
+  pull_request:
+    types: [opened, synchronize]
+  workflow_dispatch:
+    inputs:
+      pr-number:
+        description: "Pull Request Number"
+        required: true
+        type: number
+      mode:
+        description: "Labeling Mode"
+        type: choice
+        options:
+          - add
+          - replace
+        default: add
+      dry-run:
+        description: "Dry Run - Don't apply labels"
+        type: boolean
+        default: false
+
+env:
+  _PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr-number }}
+
+jobs:
+  label-pr:
+    name: Label PR by Changed Files
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: write # required to update labels
+      contents: read
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          persist-credentials: false
+
+      - name: Determine label mode for Pull Request
+        id: label-mode
+        env:
+          GH_TOKEN: ${{ github.token }}
+          _PR_USER: ${{ github.event.pull_request.user.login }}
+          _IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
+        run: |
+          # Support workflow_dispatch testing by retrieving PR data
+          if [ -z "$_PR_USER" ]; then
+            echo "👀 PR User is empty, retrieving PR data for PR #$_PR_NUMBER..."
+            PR_DATA=$(gh pr view "$_PR_NUMBER" --json author,isCrossRepository)
+            _PR_USER=$(echo "$PR_DATA" | jq -r '.author.login')
+            _IS_FORK=$(echo "$PR_DATA" | jq -r '.isCrossRepository')
+          fi
+
+          echo "📋 PR User: $_PR_USER"
+          echo "📋 Is Fork: $_IS_FORK"
+
+          # Handle PRs with labels set by other automations by adding instead of replacing
+          if [ "$_IS_FORK" = "true" ]; then
+            echo "➡️ Fork PR ($_PR_USER). Label mode: --add"
+            echo "label_mode=--add" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          if [[ "$_PR_USER" == app/* || "$_PR_USER" == *\[bot\] ]]; then
+            echo "➡️ Bot PR ($_PR_USER). Label mode: --add"
+            echo "label_mode=--add" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          echo "➡️ Normal PR. Label mode: --replace"
+          echo "label_mode=--replace" >> "$GITHUB_OUTPUT"
+
+      - name: Label PR based on changed files
+        env:
+          GH_TOKEN: ${{ github.token }}
+          _LABEL_MODE: ${{ inputs.mode && format('--{0}', inputs.mode) || steps.label-mode.outputs.label_mode }}
+          _DRY_RUN: ${{ inputs.dry-run == true && '--dry-run' || '' }}
+          _PR_LABELS: ${{ toJSON(github.event.pull_request.labels) }}
+        run: |
+          if [ -z "$_PR_LABELS" ] || [ "$_PR_LABELS" = "null" ] || [ "$_PR_LABELS" = "[]" ]; then
+            echo "🔍 No current PR labels found, retrieving PR data for PR #$_PR_NUMBER..."
+            _PR_LABELS=$(gh pr view "$_PR_NUMBER" --json labels --jq '.labels')
+          fi
+          echo "🔍 Labeling PR #$_PR_NUMBER with mode: \"$_LABEL_MODE\" and dry-run: \"$_DRY_RUN\" and current PR labels: \"$_PR_LABELS\"..."
+          echo "🐍 Running label-pr.py script..."
+          echo ""
+          python3 .github/scripts/label-pr.py "$_PR_NUMBER" "$_PR_LABELS" "$_LABEL_MODE" "$_DRY_RUN"
+

.github/workflows/sdlc-sdk-update.yml

@@ -63,7 +63,7 @@ jobs:
           permission-contents: write
 
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0
@@ -190,7 +190,7 @@ jobs:
               --base main \
               --head "$_BRANCH_NAME" \
               --label "automated-pr" \
-              --label "t:ci")
+              --label "t:deps")
             echo "## 🚀 Created PR: $PR_URL" >> "$GITHUB_STEP_SUMMARY"
           fi
 
@@ -204,7 +204,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 

.github/workflows/test.yml

@@ -3,9 +3,8 @@ name: Test
 on:
   push:
     branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
+      - main
+      - release/**/*
   pull_request:
     types: [opened, synchronize]
   merge_group:
@@ -13,105 +12,147 @@ on:
   workflow_dispatch:
 
 env:
-  _JAVA_VERSION: 21
   _GITHUB_ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}
 
 jobs:
-  test:
-    name: Test
+  test-sharded:
+    name: "Test ${{ matrix.group }}"
     runs-on: ubuntu-24.04
     permissions:
       packages: read
-      pull-requests: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - group: static-analysis
+            fastlane_method: checkLint
+            fastlane_options: ""
+          # App shards
+          - group: app-data
+            fastlane_method: testAppShard
+            fastlane_options: "--tests com.x8bit.bitwarden.data.*"
+          - group: app-ui-auth-tools
+            fastlane_method: testAppShard
+            fastlane_options: "--tests com.x8bit.bitwarden.ui.auth.* --tests com.x8bit.bitwarden.ui.tools.* --tests com.x8bit.bitwarden.ui.autofill.* --tests com.x8bit.bitwarden.ui.credentials.*"
+          - group: app-ui-platform
+            fastlane_method: testAppShard
+            fastlane_options: "--tests com.x8bit.bitwarden.ui.platform.*"
+          - group: app-ui-vault
+            fastlane_method: testAppShard
+            fastlane_options: "--tests com.x8bit.bitwarden.ui.vault.*"
+          # Authenticator
+          - group: authenticator
+            fastlane_method: testLibraries
+            fastlane_options: ":authenticator"
+          # Library shards
+          - group: lib-core-network-bridge
+            fastlane_method: testLibraries
+            fastlane_options: ":core :network :cxf :authenticatorbridge :testharness"
+          - group: lib-data-ui
+            fastlane_method: testLibraries
+            fastlane_options: ":data :ui"
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
+      - name: Setup Android Build
+        uses: ./.github/actions/setup-android-build
 
-      - name: Cache Gradle files
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
-        with:
-          bundler-cache: true
-
-      - name: Configure JDK
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env._JAVA_VERSION }}
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Build and test
+      - name: Run tests
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          _GROUP: ${{ matrix.group }}
+          _FASTLANE_METHOD: ${{ matrix.fastlane_method }}
+          _FASTLANE_OPTIONS: ${{ matrix.fastlane_options }}
         run: |
-          bundle exec fastlane check
+          if [ "$_GROUP" = "app-ui-auth-tools" ]; then
+            _TOP_LEVEL_TESTS=$(basename -a -s .kt app/src/test/kotlin/com/x8bit/bitwarden/*Test.kt \
+              | xargs -I{} printf ' --tests com.x8bit.bitwarden.{}')
+            _FASTLANE_OPTIONS="${_FASTLANE_OPTIONS} ${_TOP_LEVEL_TESTS}"
+          fi
 
-      - name: Upload test reports
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
-        if: always()
-        with:
-          name: test-reports
-          path: |
-            build/reports/kover/reportMergedCoverage.xml
-            app/build/reports/tests/
-            authenticator/build/reports/tests/
-            authenticatorbridge/build/reports/tests/
-            core/build/reports/tests/
-            data/build/reports/tests/
-            network/build/reports/tests/
-            ui/build/reports/tests/
+          if [ "$_GROUP" = "static-analysis" ]; then
+            bundle exec fastlane "$_FASTLANE_METHOD"
+          else
+            bundle exec fastlane "$_FASTLANE_METHOD" target:"$_FASTLANE_OPTIONS"
+          fi
+
+      - name: Generate coverage report
+        if: always() && matrix.group != 'static-analysis' && (github.event_name == 'push' || github.event_name == 'pull_request')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          bundle exec fastlane generateCoverageReport
 
       - name: Upload to codecov.io
-        id: upload-to-codecov
+        if: always() && matrix.group != 'static-analysis' && (github.event_name == 'push' || github.event_name == 'pull_request')
         uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
         continue-on-error: true
         with:
           os: linux
           files: build/reports/kover/reportMergedCoverage.xml
+          flags: ${{ matrix.group }}
           fail_ci_if_error: true
           disable_search: true
 
-      - name: Comment PR if tests failed
-        if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')
+      - name: Upload test reports
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        if: always()
+        with:
+          name: test-reports-${{ matrix.group }}
+          path: |
+            **/build/reports/tests/
+            app/build/reports/lint-results-*.html
+            app/build/reports/detekt/
+          if-no-files-found: warn
+
+  coverage-notify:
+    name: Coverage Notification
+    runs-on: ubuntu-24.04
+    needs: test-sharded
+    if: always() && !cancelled() && (github.event_name == 'push' || github.event_name == 'pull_request')
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Notify Codecov that all uploads are complete
+        id: codecov-notify
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        continue-on-error: true
+        with:
+          run_command: send-notifications
+
+      - name: Comment PR if coverage notification failed
+        if: steps.codecov-notify.outcome == 'failure'
         env:
           PR_NUMBER: ${{ github.event.number }}
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           RUN_ACTOR: ${{ github.triggering_actor }}
         run: |
           echo "> [!WARNING]" >> "$GITHUB_STEP_SUMMARY"
-          echo "> Uploading code coverage report failed. Please check the \"Upload to codecov.io\" step of \"Process Test Reports\" job for more details." >> "$GITHUB_STEP_SUMMARY"
+          echo "> Uploading code coverage report failed. Please check the \"Notify Codecov\" step for more details." >> "$GITHUB_STEP_SUMMARY"
 
           if [ -n "$PR_NUMBER" ]; then
-            message=$'> [!WARNING]\n> @'$RUN_ACTOR' Uploading code coverage report failed. Please check the "Upload to codecov.io" step of [Process Test Reports job]('$_GITHUB_ACTION_RUN_URL') for more details.'
+            message=$'> [!WARNING]\n> @'$RUN_ACTOR' Uploading code coverage report failed. Please check the "Coverage Notification" step of [Test]('$_GITHUB_ACTION_RUN_URL') for more details.'
             gh pr comment --repo "$GITHUB_REPOSITORY" "$PR_NUMBER" --body "$message"
           fi
+
+  test:
+    name: Test
+    runs-on: ubuntu-24.04
+    permissions: {}
+    needs: test-sharded
+    if: always()
+    steps:
+      - name: Ensure sharded tests passed
+        env:
+          TESTS_RESULT: ${{ needs.test-sharded.result }}
+        run: |
+          if [ "$TESTS_RESULT" != "success" ]; then
+            echo "❌ Tests failed"
+            exit 1
+          fi
+          echo "✅ All tests passed!"

.husky/pre-commit

@@ -1 +0,0 @@
-npx lint-staged

Gemfile

@@ -14,5 +14,8 @@ gem 'logger'
 gem 'mutex_m'
 gem 'csv'
 
+# Since ruby 3.4.1 these are not included in the standard library
+gem 'nkf'
+
 # Starting with Ruby 3.5.0, these are not included in the standard library
 gem 'ostruct'

Gemfile.lock

@@ -1,18 +1,15 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.7)
-      base64
-      nkf
-      rexml
+    CFPropertyList (3.0.8)
     abbrev (0.1.2)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
     artifactory (3.0.17)
     atomos (0.1.3)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1181.0)
-    aws-sdk-core (3.236.0)
+    aws-partitions (1.1226.0)
+    aws-sdk-core (3.243.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
@@ -20,25 +17,25 @@ GEM
       bigdecimal
       jmespath (~> 1, >= 1.6.1)
       logger
-    aws-sdk-kms (1.117.0)
-      aws-sdk-core (~> 3, >= 3.234.0)
+    aws-sdk-kms (1.122.0)
+      aws-sdk-core (~> 3, >= 3.241.4)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.203.0)
-      aws-sdk-core (~> 3, >= 3.234.0)
+    aws-sdk-s3 (1.216.0)
+      aws-sdk-core (~> 3, >= 3.243.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.12.1)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
     base64 (0.3.0)
-    bigdecimal (3.3.1)
+    bigdecimal (4.0.1)
     claide (1.1.0)
     colored (1.2)
     colored2 (3.1.2)
     commander (4.6.0)
       highline (~> 2.0.0)
     csv (3.3.5)
-    date (3.5.0)
+    date (3.5.1)
     declarative (0.0.20)
     digest-crc (0.7.0)
       rake (>= 12.0.0, < 14.0.0)
@@ -46,7 +43,7 @@ GEM
     dotenv (2.8.1)
     emoji_regex (3.2.3)
     excon (0.112.0)
-    faraday (1.10.4)
+    faraday (1.10.5)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -58,25 +55,26 @@ GEM
       faraday-rack (~> 1.0)
       faraday-retry (~> 1.0)
       ruby2_keywords (>= 0.0.4)
-    faraday-cookie_jar (0.0.7)
+    faraday-cookie_jar (0.0.8)
       faraday (>= 0.8.0)
-      http-cookie (~> 1.0.0)
+      http-cookie (>= 1.0.0)
     faraday-em_http (1.0.0)
     faraday-em_synchrony (1.0.1)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.1.1)
+    faraday-multipart (1.2.0)
       multipart-post (~> 2.0)
     faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
-    faraday-retry (1.0.3)
+    faraday-retry (1.0.4)
     faraday_middleware (1.2.1)
       faraday (~> 1.0)
-    fastimage (2.4.0)
-    fastlane (2.228.0)
+    fastimage (2.4.1)
+    fastlane (2.229.0)
       CFPropertyList (>= 2.3, < 4.0.0)
+      abbrev (~> 0.1.2)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
       aws-sdk-s3 (~> 1.0)
@@ -84,6 +82,7 @@ GEM
       bundler (>= 1.12.0, < 3.0.0)
       colored (~> 1.2)
       commander (~> 4.6)
+      csv (~> 3.3)
       dotenv (>= 2.1.1, < 3.0.0)
       emoji_regex (>= 0.1, < 4.0)
       excon (>= 0.71.0, < 1.0.0)
@@ -103,6 +102,7 @@ GEM
       jwt (>= 2.1.0, < 3)
       mini_magick (>= 4.9.4, < 5.0.0)
       multipart-post (>= 2.0.0, < 3.0.0)
+      mutex_m (~> 0.3.0)
       naturally (~> 2.2)
       optparse (>= 0.1.1, < 1.0.0)
       plist (>= 3.1.0, < 4.0.0)
@@ -169,29 +169,29 @@ GEM
     httpclient (2.9.0)
       mutex_m
     jmespath (1.6.2)
-    json (2.16.0)
+    json (2.19.1)
     jwt (2.10.2)
       base64
     logger (1.7.0)
     mini_magick (4.13.2)
     mini_mime (1.1.5)
-    multi_json (1.17.0)
+    multi_json (1.19.1)
     multipart-post (2.4.1)
     mutex_m (0.3.0)
     nanaimo (0.4.0)
     naturally (2.3.0)
     nkf (0.2.0)
-    optparse (0.8.0)
+    optparse (0.8.1)
     os (1.1.4)
     ostruct (0.6.3)
     plist (3.7.2)
-    public_suffix (6.0.2)
+    public_suffix (7.0.5)
     rake (13.3.1)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
-    retriable (3.1.2)
+    retriable (3.4.1)
     rexml (3.4.4)
     rouge (3.28.0)
     ruby2_keywords (0.0.5)
@@ -209,7 +209,7 @@ GEM
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
-    time (0.4.1)
+    time (0.4.2)
       date
     trailblazer-option (0.1.2)
     tty-cursor (0.7.1)
@@ -241,6 +241,7 @@ DEPENDENCIES
   fastlane-plugin-firebase_app_distribution
   logger
   mutex_m
+  nkf
   ostruct
   time
 
@@ -248,4 +249,4 @@ RUBY VERSION
    ruby 3.4.2p28
 
 BUNDLED WITH
-   2.6.9
+   2.6.2

annotation/build.gradle.kts

@@ -1,17 +1,20 @@
+import com.android.build.api.dsl.LibraryExtension
 import org.jetbrains.kotlin.gradle.dsl.JvmTarget
 
 plugins {
     alias(libs.plugins.android.library)
-    alias(libs.plugins.kotlin.android)
 }
 
-android {
+configure<LibraryExtension> {
     namespace = "com.bitwarden.annotation"
-    compileSdk = libs.versions.compileSdk.get().toInt()
+    compileSdk {
+        version = release(libs.versions.compileSdk.get().toInt())
+    }
 
     defaultConfig {
-        minSdk = libs.versions.minSdkBwa.get().toInt()
-
+        minSdk {
+            version = release(libs.versions.minSdkBwa.get().toInt())
+        }
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
         consumerProguardFiles("consumer-rules.pro")
     }
@@ -37,6 +40,6 @@ android {
 
 kotlin {
     compilerOptions {
-        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
+        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
     }
 }

annotation/proguard-rules.pro

@@ -0,0 +1,21 @@
+# Add project specific ProGuard rules here.
+# You can control the set of applied configuration files using the
+# proguardFiles setting in build.gradle.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile

app/build.gradle.kts

@@ -1,9 +1,10 @@
-import com.android.build.gradle.internal.api.BaseVariantOutputImpl
+import com.android.build.api.dsl.ApplicationExtension
+import com.android.build.api.variant.impl.VariantOutputImpl
 import com.android.utils.cxx.io.removeExtensionIfPresent
 import com.google.firebase.crashlytics.buildtools.gradle.tasks.InjectMappingFileIdTask
 import com.google.firebase.crashlytics.buildtools.gradle.tasks.UploadMappingFileTask
 import com.google.gms.googleservices.GoogleServicesTask
-import dagger.hilt.android.plugin.util.capitalize
+import org.gradle.kotlin.dsl.support.uppercaseFirstChar
 import org.jetbrains.kotlin.gradle.dsl.JvmTarget
 import java.io.FileInputStream
 import java.util.Properties
@@ -15,7 +16,6 @@ plugins {
     // standardDebug builds in the merged manifest.
     alias(libs.plugins.crashlytics)
     alias(libs.plugins.hilt)
-    alias(libs.plugins.kotlin.android)
     alias(libs.plugins.kotlin.compose.compiler)
     alias(libs.plugins.kotlin.parcelize)
     alias(libs.plugins.kotlin.serialization)
@@ -43,27 +43,35 @@ val ciProperties = Properties().apply {
     }
 }
 
-android {
-    namespace = "com.x8bit.bitwarden"
-    compileSdk = libs.versions.compileSdk.get().toInt()
+base {
+    // Set the base archive name for publishing purposes. This is used to derive the
+    // APK and AAB artifact names when uploading to Firebase and Play Store.
+    archivesName.set("com.x8bit.bitwarden")
+}
 
-    room {
-        schemaDirectory("$projectDir/schemas")
+room {
+    schemaDirectory("$projectDir/schemas")
+}
+
+configure<ApplicationExtension> {
+    namespace = "com.x8bit.bitwarden"
+    compileSdk {
+        version = release(libs.versions.compileSdk.get().toInt())
     }
 
     defaultConfig {
         applicationId = "com.x8bit.bitwarden"
-        minSdk = libs.versions.minSdk.get().toInt()
-        targetSdk = libs.versions.targetSdk.get().toInt()
+        minSdk {
+            version = release(libs.versions.minSdk.get().toInt())
+        }
+        targetSdk {
+            version = release(libs.versions.targetSdk.get().toInt())
+        }
         versionCode = libs.versions.appVersionCode.get().toInt()
         versionName = libs.versions.appVersionName.get()
 
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
 
-        // Set the base archive name for publishing purposes. This is used to derive the APK and AAB
-        // artifact names when uploading to Firebase and Play Store.
-        base.archivesName = "com.x8bit.bitwarden"
-
         buildConfigField(
             type = "String",
             name = "CI_INFO",
@@ -141,39 +149,6 @@ android {
         }
     }
 
-    applicationVariants.all {
-        val bundlesDir = "${layout.buildDirectory.get()}/outputs/bundle"
-        outputs
-            .mapNotNull { it as? BaseVariantOutputImpl }
-            .forEach { output ->
-                val fileNameWithoutExtension = when (flavorName) {
-                    "fdroid" -> "$applicationId-$flavorName"
-                    "standard" -> "$applicationId"
-                    else -> output.outputFileName.removeExtensionIfPresent(".apk")
-                }
-
-                // Set the APK output filename.
-                output.outputFileName = "$fileNameWithoutExtension.apk"
-
-                val variantName = name
-                val renameTaskName = "rename${variantName.capitalize()}AabFiles"
-                tasks.register(renameTaskName) {
-                    group = "build"
-                    description = "Renames the bundle files for $variantName variant"
-                    doLast {
-                        renameFile(
-                            "$bundlesDir/$variantName/$namespace-$flavorName-${buildType.name}.aab",
-                            "$fileNameWithoutExtension.aab",
-                        )
-                    }
-                }
-                // Force renaming task to execute after the variant is built.
-                tasks
-                    .getByName("bundle${variantName.capitalize()}")
-                    .finalizedBy(renameTaskName)
-            }
-    }
-
     compileOptions {
         sourceCompatibility(libs.versions.jvmTarget.get())
         targetCompatibility(libs.versions.jvmTarget.get())
@@ -200,9 +175,50 @@ android {
     }
 }
 
+androidComponents {
+    onVariants { appVariant ->
+        val bundlesDir = "${layout.buildDirectory.get()}/outputs/bundle"
+        val applicationId = appVariant.applicationId.get()
+        val flavorName = appVariant.flavorName
+        val variantName = appVariant.name
+        val buildType = appVariant.buildType
+        appVariant
+            .outputs
+            .mapNotNull { it as? VariantOutputImpl }
+            .forEach { output ->
+                val fileNameWithoutExtension = when (flavorName) {
+                    "fdroid" -> "$applicationId-$flavorName"
+                    "standard" -> applicationId
+                    else -> output.outputFileName.get().removeExtensionIfPresent(".apk")
+                }
+
+                // Set the APK output filename.
+                output.outputFileName.set("$fileNameWithoutExtension.apk")
+
+                val renameTaskName = "rename${variantName.uppercaseFirstChar()}AabFiles"
+                tasks.register(renameTaskName) {
+                    group = "build"
+                    description = "Renames the bundle files for $variantName variant"
+                    doLast {
+                        val namespace = appVariant.namespace.get()
+                        renameFile(
+                            "$bundlesDir/$variantName/$namespace-$flavorName-$buildType.aab",
+                            "$fileNameWithoutExtension.aab",
+                        )
+                    }
+                }
+                // Force renaming task to execute after the variant is built.
+                val bundleTaskName = "bundle${variantName.uppercaseFirstChar()}"
+                tasks
+                    .named { it == bundleTaskName }
+                    .configureEach { finalizedBy(renameTaskName) }
+            }
+    }
+}
+
 kotlin {
     compilerOptions {
-        jvmTarget = JvmTarget.fromTarget(libs.versions.jvmTarget.get())
+        jvmTarget.set(JvmTarget.fromTarget(libs.versions.jvmTarget.get()))
     }
 }
 
@@ -235,6 +251,7 @@ dependencies {
     implementation(libs.androidx.browser)
     implementation(libs.androidx.biometrics)
     implementation(libs.androidx.camera.camera2)
+    implementation(libs.androidx.camera.compose)
     implementation(platform(libs.androidx.compose.bom))
     implementation(libs.androidx.compose.animation)
     implementation(libs.androidx.compose.material3)
@@ -259,6 +276,8 @@ dependencies {
     implementation(libs.androidx.work.runtime.ktx)
     implementation(libs.bitwarden.sdk)
     implementation(libs.bumptech.glide)
+    implementation(libs.bumptech.glide.okhttp)
+    ksp(libs.bumptech.glide.compiler)
     implementation(libs.google.hilt.android)
     ksp(libs.google.hilt.compiler)
     implementation(libs.kotlinx.collections.immutable)
@@ -278,6 +297,7 @@ dependencies {
     standardImplementation(libs.google.firebase.cloud.messaging)
     standardImplementation(platform(libs.google.firebase.bom))
     standardImplementation(libs.google.firebase.crashlytics)
+    standardImplementation(libs.google.billing)
     standardImplementation(libs.google.play.review)
 
     // Pull in test fixtures from other modules
@@ -298,18 +318,6 @@ dependencies {
     testImplementation(libs.square.turbine)
 }
 
-tasks {
-    withType<Test> {
-        useJUnitPlatform()
-        maxHeapSize = "2g"
-        maxParallelForks = Runtime.getRuntime().availableProcessors()
-        jvmArgs = jvmArgs.orEmpty() + "-XX:+UseParallelGC" +
-            // Explicitly setting the user Country and Language because tests assume en-US
-            "-Duser.country=US" +
-            "-Duser.language=en"
-    }
-}
-
 afterEvaluate {
     // Disable Fdroid-specific tasks that we want to exclude
     val fdroidTasksToDisable = tasks.withType<GoogleServicesTask>() +

app/schemas/com.x8bit.bitwarden.data.platform.datasource.disk.database.PlatformDatabase/2.json

@@ -0,0 +1,70 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 2,
+    "identityHash": "2835802f9de260f6f5109c81081e9b46",
+    "entities": [
+      {
+        "tableName": "organization_events",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `user_id` TEXT NOT NULL, `organization_event_type` TEXT NOT NULL, `cipher_id` TEXT, `date` INTEGER NOT NULL, `organization_id` TEXT)",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationEventType",
+            "columnName": "organization_event_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherId",
+            "columnName": "cipher_id",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "date",
+            "columnName": "date",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": true,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_organization_events_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_organization_events_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '2835802f9de260f6f5109c81081e9b46')"
+    ]
+  }
+}

app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/9.json

@@ -0,0 +1,279 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 9,
+    "identityHash": "61353072161e3101ade140e2c4b65495",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `has_totp` INTEGER NOT NULL DEFAULT 1, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, `organization_id` TEXT, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "hasTotp",
+            "columnName": "has_totp",
+            "affinity": "INTEGER",
+            "notNull": true,
+            "defaultValue": "1"
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          },
+          {
+            "name": "index_ciphers_user_id_organization_id",
+            "unique": false,
+            "columnNames": [
+              "user_id",
+              "organization_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id_organization_id` ON `${TABLE_NAME}` (`user_id`, `organization_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, `default_user_collection_email` TEXT, `type` TEXT NOT NULL DEFAULT '0', PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER"
+          },
+          {
+            "fieldPath": "defaultUserCollectionEmail",
+            "columnName": "default_user_collection_email",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "type",
+            "columnName": "type",
+            "affinity": "TEXT",
+            "notNull": true,
+            "defaultValue": "'0'"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT"
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        }
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT"
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ]
+      }
+    ],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '61353072161e3101ade140e2c4b65495')"
+    ]
+  }
+}

app/src/debug/res/xml/provider.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<credential-provider>
-    <capabilities>
-        <capability name="android.credentials.TYPE_PASSWORD_CREDENTIAL" />
-        <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
-    </capabilities>
-</credential-provider>

app/src/fdroid/kotlin/com/x8bit/bitwarden/data/billing/manager/PlayBillingManagerImpl.kt

@@ -0,0 +1,22 @@
+package com.x8bit.bitwarden.data.billing.manager
+
+import android.content.Context
+import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+
+/**
+ * F-Droid implementation of [PlayBillingManager]. Always returns `true` since
+ * F-Droid users are eligible for the premium upgrade flow.
+ */
+@OmitFromCoverage
+@Suppress("UnusedParameter")
+class PlayBillingManagerImpl(
+    context: Context,
+    dispatcherManager: DispatcherManager,
+) : PlayBillingManager {
+
+    override val isInAppBillingSupportedFlow: StateFlow<Boolean> =
+        MutableStateFlow(true)
+}

app/src/fdroid/kotlin/com/x8bit/bitwarden/data/platform/manager/GmsManagerImpl.kt

@@ -0,0 +1,14 @@
+package com.x8bit.bitwarden.data.platform.manager
+
+import android.content.Context
+
+/**
+ * F-Droid implementation of [GmsManager]. Always returns `false` since GMS is not available.
+ */
+@Suppress("UnusedParameter")
+class GmsManagerImpl(
+    context: Context,
+) : GmsManager {
+
+    override fun isVersionAtLeast(version: Int): Boolean = false
+}

app/src/main/AndroidManifest.xml

@@ -13,6 +13,7 @@
     <uses-permission android:name="android.permission.USE_BIOMETRIC" />
     <uses-permission android:name="android.permission.NFC" />
     <uses-permission android:name="android.permission.CAMERA" />
+    <uses-permission android:name="horizons.permission.HEADSET_CAMERA" />
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
     <uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
@@ -83,14 +84,6 @@
                 <data android:host="*.bitwarden.eu" />
                 <data android:pathPattern="/redirect-connector.*" />
             </intent-filter>
-            <intent-filter>
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD" />
-                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />
-
-                <category android:name="android.intent.category.DEFAULT" />
-            </intent-filter>
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
 
@@ -118,6 +111,35 @@
             </intent-filter>
         </activity>
 
+        <!-- Credential Provider Activity for handling passkey and password credential operations.
+             This activity is NOT exported to protect against external apps attempting to extract
+             vault credentials by sending malicious intents. Only our own PendingIntents can
+             launch this activity.
+
+             This is a transparent trampoline activity that launches MainActivity for credential
+             operations and forwards results back to the Credential Manager framework.
+             Uses Theme.Translucent.NoTitleBar for invisibility while allowing normal lifecycle
+             (Theme.NoDisplay requires finish() before onResume(), incompatible with ActivityResult).
+
+             Note: Unlike AuthCallbackActivity, this does NOT use noHistory="true" because it
+             must remain in the back stack to receive the ActivityResult callback from
+             MainActivity. -->
+        <activity
+            android:name=".CredentialProviderActivity"
+            android:exported="false"
+            android:launchMode="singleTop"
+            android:theme="@android:style/Theme.Translucent.NoTitleBar">
+            <intent-filter>
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSWORD" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD" />
+                <action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+            </intent-filter>
+        </activity>
+
         <activity
             android:name=".AccessibilityActivity"
             android:exported="false"
@@ -138,6 +160,19 @@
             android:launchMode="singleTop"
             android:noHistory="true"
             android:theme="@android:style/Theme.NoDisplay">
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="https" />
+                <data android:host="bitwarden.com" />
+                <data android:host="bitwarden.eu" />
+                <data android:pathPattern="/duo-callback" />
+                <data android:pathPattern="/sso-callback" />
+                <data android:pathPattern="/webauthn-callback" />
+            </intent-filter>
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
 
@@ -168,6 +203,16 @@
                     android:host="webauthn-callback"
                     android:scheme="bitwarden" />
             </intent-filter>
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data
+                    android:host="sso-cookie-vendor"
+                    android:scheme="bitwarden" />
+            </intent-filter>
         </activity>
 
         <provider
@@ -260,7 +305,7 @@
             android:name="com.x8bit.bitwarden.AutofillTileService"
             android:exported="true"
             android:icon="@drawable/ic_notification"
-            android:label="@string/autofill_title"
+            android:label="@string/autofill_verb"
             android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
             tools:ignore="MissingClass">
             <intent-filter>

app/src/main/assets/fido2_privileged_community.json

@@ -1,5 +1,33 @@
 {
   "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.iode.firefox",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C9:96:DA:AB:86:A8:CD:32:53:77:49:A5:EE:1D:C2:F9:84:F2:9D:43:F3:06:7D:2C:0A:54:BF:8B:BF:AB:62:C0"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "eu.weblibre.gecko",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BB:2A:97:F5:61:53:35:C9:E5:7C:86:6F:1C:30:ED:4F:D7:D7:BD:DC:BC:BC:06:68:FE:93:A5:79:17:3D:3D:2D"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "8F:52:6E:1E:53:D6:BD:4D:FB:F4:F4:B9:3C:2A:91:EC:B5:CB:8D:A5:E1:4A:D9:4C:25:70:E1:E3:C7:13:52:7F"
+          }
+        ]
+      }
+    },
     {
       "type": "android",
       "info": {
@@ -12,18 +40,6 @@
         ]
       }
     },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.chromium.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "A8:56:48:50:79:BC:B3:57:BF:BE:69:BA:19:A9:BA:43:CD:0A:D9:AB:22:67:52:C7:80:B6:88:8A:FD:48:21:6B"
-          }
-        ]
-      }
-    },
     {
       "type": "android",
       "info": {

app/src/main/assets/fido2_privileged_google.json

@@ -815,6 +815,38 @@
           }
         ]
       }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.zoho.primeum.stable",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A9:D6:D0:A2:AF:DB:15:84:9B:8C:D3:1D:51:FE:73:B8:E1:B1:70:BA:A5:70:C2:F8:F2:A3:F8:65:28:29:CB:BD"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.amazon.cloud9",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "2F:19:AD:EB:28:4E:B3:6F:7F:07:78:61:52:B9:A1:D1:4B:21:65:32:03:AD:0B:04:EB:BF:9C:73:AB:6D:76:25"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "70:D5:68:EC:6A:E6:F3:38:BC:1A:63:99:A6:53:7E:E0:69:08:CA:1D:72:FB:8F:F0:48:74:AB:95:43:3B:25:0E"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "7C:AC:39:19:37:98:1B:61:34:BD:CE:1F:D9:83:4C:25:31:81:F5:AB:F9:1D:ED:60:78:21:0D:0F:91:AC:E3:60"
+          }
+        ]
+      }
     }
   ]
 }

app/src/main/kotlin/com/x8bit/bitwarden/AuthCallbackViewModel.kt

@@ -3,6 +3,7 @@ package com.x8bit.bitwarden
 import android.content.Intent
 import com.bitwarden.ui.platform.base.BaseViewModel
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.auth.repository.util.getCookieCallbackResultOrNull
 import com.x8bit.bitwarden.data.auth.repository.util.getDuoCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.getSsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.getWebAuthResultOrNull
@@ -28,6 +29,7 @@ class AuthCallbackViewModel @Inject constructor(
         val webAuthResult = action.intent.getWebAuthResultOrNull()
         val duoCallbackTokenResult = action.intent.getDuoCallbackTokenResult()
         val ssoCallbackResult = action.intent.getSsoCallbackResult()
+        val cookieCallbackResult = action.intent.getCookieCallbackResultOrNull()
         when {
             yubiKeyResult != null -> {
                 authRepository.setYubiKeyResult(yubiKeyResult = yubiKeyResult)
@@ -45,6 +47,12 @@ class AuthCallbackViewModel @Inject constructor(
                 )
             }
 
+            cookieCallbackResult != null -> {
+                authRepository.setCookieCallbackResult(
+                    result = cookieCallbackResult,
+                )
+            }
+
             webAuthResult != null -> {
                 authRepository.setWebAuthResult(webAuthResult = webAuthResult)
             }

app/src/main/kotlin/com/x8bit/bitwarden/BitwardenApplication.kt

@@ -6,7 +6,6 @@ import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager
-import com.x8bit.bitwarden.data.platform.manager.network.NetworkConnectionManager
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import dagger.hilt.android.HiltAndroidApp
@@ -24,9 +23,6 @@ class BitwardenApplication : Application() {
     @Inject
     lateinit var logsManager: LogsManager
 
-    @Inject
-    lateinit var networkConnectionManager: NetworkConnectionManager
-
     @Inject
     lateinit var networkConfigManager: NetworkConfigManager
 

app/src/main/kotlin/com/x8bit/bitwarden/CredentialProviderActivity.kt

@@ -0,0 +1,89 @@
+package com.x8bit.bitwarden
+
+import android.app.ComponentCaller
+import android.content.Intent
+import android.os.Bundle
+import androidx.activity.ComponentActivity
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.activity.viewModels
+import com.bitwarden.annotation.OmitFromCoverage
+import com.bitwarden.ui.platform.util.validate
+import com.x8bit.bitwarden.data.credentials.BitwardenCredentialProviderService
+import dagger.hilt.android.AndroidEntryPoint
+
+/**
+ * Transparent trampoline activity for handling credential provider operations.
+ *
+ * This activity is declared as `exported="false"` in the manifest to ensure only
+ * our own PendingIntents can launch it. This protects against external apps attempting
+ * to extract vault credentials by sending malicious intents via CredentialManager.
+ *
+ * All credential flows (FIDO2 passkeys, password credentials) are routed through this
+ * activity when triggered by the Android CredentialManager framework via our
+ * [BitwardenCredentialProviderService].
+ *
+ * ## Architecture
+ *
+ * This activity does not host any UI itself. It acts as a trampoline that:
+ * 1. Receives the credential intent from the CredentialManager framework
+ * 2. Sets the pending credential request via [CredentialProviderViewModel], which stores
+ *    it in `CredentialProviderRequestManager` for secure relay to [MainViewModel]
+ * 3. Launches [MainActivity] to handle the actual credential UI
+ * 4. Forwards the result back to the CredentialManager framework
+ *
+ * This preserves the single-Activity architecture where all UI is hosted by MainActivity,
+ * while still allowing the CredentialManager framework to receive results properly.
+ */
+@OmitFromCoverage
+@AndroidEntryPoint
+class CredentialProviderActivity : ComponentActivity() {
+
+    private val viewModel: CredentialProviderViewModel by viewModels()
+
+    /**
+     * Launcher for MainActivity that forwards the result back to Credential Manager.
+     */
+    private val mainActivityLauncher = registerForActivityResult(
+        ActivityResultContracts.StartActivityForResult(),
+    ) { result ->
+        // Forward result back to Credential Manager framework
+        setResult(result.resultCode, result.data)
+        finish()
+    }
+
+    override fun onCreate(savedInstanceState: Bundle?) {
+        intent = intent.validate()
+        super.onCreate(savedInstanceState)
+
+        if (savedInstanceState == null) {
+            // Process credential intent (sets pending request on CredentialProviderRequestManager)
+            viewModel.trySendAction(CredentialProviderAction.ReceiveFirstIntent(intent))
+            launchMainActivityForResult()
+        }
+        // On restoration (process death), result comes via mainActivityLauncher callback
+    }
+
+    private fun launchMainActivityForResult() {
+        val mainIntent = Intent(this, MainActivity::class.java).apply {
+            // Pending credential request is retrieved by MainViewModel from
+            // CredentialProviderRequestManager, triggering appropriate navigation.
+            // CredentialProviderCompletionManager handles setResult/finish.
+            addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP or Intent.FLAG_ACTIVITY_SINGLE_TOP)
+        }
+        mainActivityLauncher.launch(mainIntent)
+    }
+
+    override fun onNewIntent(intent: Intent) {
+        val newIntent = intent.validate()
+        super.onNewIntent(newIntent)
+        viewModel.trySendAction(CredentialProviderAction.ReceiveNewIntent(newIntent))
+        launchMainActivityForResult()
+    }
+
+    override fun onNewIntent(intent: Intent, caller: ComponentCaller) {
+        val newIntent = intent.validate()
+        super.onNewIntent(newIntent, caller)
+        viewModel.trySendAction(CredentialProviderAction.ReceiveNewIntent(newIntent))
+        launchMainActivityForResult()
+    }
+}

app/src/main/kotlin/com/x8bit/bitwarden/CredentialProviderViewModel.kt

@@ -0,0 +1,110 @@
+package com.x8bit.bitwarden
+
+import android.content.Intent
+import com.bitwarden.ui.platform.base.BaseViewModel
+import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
+import com.x8bit.bitwarden.data.credentials.manager.CredentialProviderRequestManager
+import com.x8bit.bitwarden.data.credentials.manager.model.CredentialProviderRequest
+import com.x8bit.bitwarden.data.credentials.model.CreateCredentialRequest
+import com.x8bit.bitwarden.data.credentials.model.Fido2CredentialAssertionRequest
+import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
+import com.x8bit.bitwarden.data.credentials.model.ProviderGetPasswordCredentialRequest
+import com.x8bit.bitwarden.data.credentials.util.getCreateCredentialRequestOrNull
+import com.x8bit.bitwarden.data.credentials.util.getFido2AssertionRequestOrNull
+import com.x8bit.bitwarden.data.credentials.util.getGetCredentialsRequestOrNull
+import com.x8bit.bitwarden.data.credentials.util.getProviderGetPasswordRequestOrNull
+import com.x8bit.bitwarden.ui.platform.feature.rootnav.RootNavViewModel
+import dagger.hilt.android.lifecycle.HiltViewModel
+import javax.inject.Inject
+
+/**
+ * A view model that handles credential provider operations for [CredentialProviderActivity].
+ *
+ * This ViewModel processes credential-related intents and sets the pending credential request
+ * on [CredentialProviderRequestManager] for relay to [MainViewModel]. This ensures credential
+ * data is never passed through intent extras to exported activities, providing security
+ * hardening against malicious intent attacks.
+ *
+ * Since [CredentialProviderActivity] is a transparent trampoline with no UI, this ViewModel only
+ * handles intent processing. All UI state management (theme, feature flags, auth flows) is
+ * handled by [MainActivity].
+ *
+ * @see RootNavViewModel for navigation based on SpecialCircumstance.
+ */
+@HiltViewModel
+class CredentialProviderViewModel @Inject constructor(
+    private val credentialProviderRequestManager: CredentialProviderRequestManager,
+    private val authRepository: AuthRepository,
+    private val bitwardenCredentialManager: BitwardenCredentialManager,
+) : BaseViewModel<Unit, Unit, CredentialProviderAction>(initialState = Unit) {
+
+    override fun handleAction(action: CredentialProviderAction) {
+        when (action) {
+            is CredentialProviderAction.ReceiveFirstIntent -> handleIntent(action.intent)
+            is CredentialProviderAction.ReceiveNewIntent -> handleIntent(action.intent)
+        }
+    }
+
+    private fun handleIntent(intent: Intent) {
+        intent.getCreateCredentialRequestOrNull()?.let { handleCreateCredential(it) }
+            ?: intent.getFido2AssertionRequestOrNull()?.let { handleFido2Assertion(it) }
+            ?: intent.getProviderGetPasswordRequestOrNull()?.let { handlePasswordGet(it) }
+            ?: intent.getGetCredentialsRequestOrNull()?.let { handleGetCredentials(it) }
+    }
+
+    private fun handleCreateCredential(request: CreateCredentialRequest) {
+        bitwardenCredentialManager.isUserVerified = request.isUserPreVerified
+
+        // Switch accounts if the selected user is not the active user
+        if (authRepository.activeUserId != null &&
+            authRepository.activeUserId != request.userId
+        ) {
+            authRepository.switchAccount(request.userId)
+        }
+
+        credentialProviderRequestManager.setPendingCredentialRequest(
+            CredentialProviderRequest.CreateCredential(request),
+        )
+    }
+
+    private fun handleFido2Assertion(request: Fido2CredentialAssertionRequest) {
+        // Set the user's verification status when a new FIDO 2 request is received
+        bitwardenCredentialManager.isUserVerified = request.isUserPreVerified
+
+        credentialProviderRequestManager.setPendingCredentialRequest(
+            CredentialProviderRequest.Fido2Assertion(request),
+        )
+    }
+
+    private fun handlePasswordGet(request: ProviderGetPasswordCredentialRequest) {
+        // Set the user's verification status when a new GetPassword request is received
+        bitwardenCredentialManager.isUserVerified = request.isUserPreVerified
+
+        credentialProviderRequestManager.setPendingCredentialRequest(
+            CredentialProviderRequest.GetPassword(request),
+        )
+    }
+
+    private fun handleGetCredentials(request: GetCredentialsRequest) {
+        credentialProviderRequestManager.setPendingCredentialRequest(
+            CredentialProviderRequest.GetCredentials(request),
+        )
+    }
+}
+
+/**
+ * Models actions for the [CredentialProviderViewModel].
+ */
+sealed class CredentialProviderAction {
+
+    /**
+     * Receive the first intent when the activity is created.
+     */
+    data class ReceiveFirstIntent(val intent: Intent) : CredentialProviderAction()
+
+    /**
+     * Receive a new intent when the activity receives onNewIntent.
+     */
+    data class ReceiveNewIntent(val intent: Intent) : CredentialProviderAction()
+}

app/src/main/kotlin/com/x8bit/bitwarden/MainActivity.kt

@@ -12,9 +12,11 @@ import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.appcompat.app.AppCompatDelegate
 import androidx.browser.auth.AuthTabIntent
+import androidx.compose.foundation.background
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.remember
+import androidx.compose.ui.Modifier
 import androidx.core.app.ActivityCompat
 import androidx.core.os.LocaleListCompat
 import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
@@ -33,6 +35,8 @@ import com.x8bit.bitwarden.data.platform.manager.util.ObserveScreenDataEffect
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.ui.platform.components.util.rememberBitwardenNavController
 import com.x8bit.bitwarden.ui.platform.composition.LocalManagerProvider
+import com.x8bit.bitwarden.ui.platform.feature.cookieacquisition.cookieAcquisitionDestination
+import com.x8bit.bitwarden.ui.platform.feature.cookieacquisition.navigateToCookieAcquisition
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.debugMenuDestination
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.manager.DebugMenuLaunchManager
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.navigateToDebugMenuScreen
@@ -80,6 +84,10 @@ class MainActivity : AppCompatActivity() {
         mainViewModel.trySendAction(MainAction.WebAuthnResult(it))
     }
 
+    private val cookieLauncher = AuthTabIntent.registerActivityResultLauncher(this) {
+        mainViewModel.trySendAction(MainAction.CookieAcquisitionResult(it))
+    }
+
     override fun onCreate(savedInstanceState: Bundle?) {
         intent = intent.validate()
         var shouldShowSplashScreen = true
@@ -106,6 +114,7 @@ class MainActivity : AppCompatActivity() {
                     duo = duoLauncher,
                     sso = ssoLauncher,
                     webAuthn = webAuthnLauncher,
+                    cookie = cookieLauncher,
                 ),
             ) {
                 ObserveScreenDataEffect(
@@ -120,15 +129,22 @@ class MainActivity : AppCompatActivity() {
                     NavHost(
                         navController = navController,
                         startDestination = RootNavigationRoute,
+                        modifier = Modifier
+                            .background(color = BitwardenTheme.colorScheme.background.primary),
                     ) {
-                        // Both root navigation and debug menu exist at this top level.
-                        // The debug menu can appear on top of the rest of the app without
-                        // interacting with the state-based navigation used by RootNavScreen.
+                        // Root navigation, debug menu, and cookie acquisition exist at
+                        // this top level. They can appear on top of the rest of the app
+                        // without interacting with the state-based navigation used by
+                        // RootNavScreen.
                         rootNavDestination { shouldShowSplashScreen = false }
                         debugMenuDestination(
                             onNavigateBack = { navController.popBackStack() },
                             onSplashScreenRemoved = { shouldShowSplashScreen = false },
                         )
+                        cookieAcquisitionDestination(
+                            onDismiss = { navController.popBackStack() },
+                            onSplashScreenRemoved = { shouldShowSplashScreen = false },
+                        )
                     }
                 }
             }
@@ -202,6 +218,8 @@ class MainActivity : AppCompatActivity() {
                 is MainEvent.CompleteAutofill -> handleCompleteAutofill(event)
                 MainEvent.Recreate -> handleRecreate()
                 MainEvent.NavigateToDebugMenu -> navController.navigateToDebugMenuScreen()
+                MainEvent.NavigateToCookieAcquisition -> navController.navigateToCookieAcquisition()
+
                 is MainEvent.UpdateAppLocale -> {
                     AppCompatDelegate.setApplicationLocales(
                         LocaleListCompat.forLanguageTags(event.localeName),

app/src/main/kotlin/com/x8bit/bitwarden/MainViewModel.kt

@@ -17,6 +17,7 @@ import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
+import com.x8bit.bitwarden.data.auth.repository.util.getCookieCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.getDuoCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.getSsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.getWebAuthResult
@@ -26,12 +27,10 @@ import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilitySele
 import com.x8bit.bitwarden.data.autofill.manager.AutofillSelectionManager
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSaveItemOrNull
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
-import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
-import com.x8bit.bitwarden.data.credentials.util.getCreateCredentialRequestOrNull
-import com.x8bit.bitwarden.data.credentials.util.getFido2AssertionRequestOrNull
-import com.x8bit.bitwarden.data.credentials.util.getGetCredentialsRequestOrNull
-import com.x8bit.bitwarden.data.credentials.util.getProviderGetPasswordRequestOrNull
+import com.x8bit.bitwarden.data.credentials.manager.CredentialProviderRequestManager
+import com.x8bit.bitwarden.data.credentials.manager.model.CredentialProviderRequest
 import com.x8bit.bitwarden.data.platform.manager.AppResumeManager
+import com.x8bit.bitwarden.data.platform.manager.CookieAcquisitionRequestManager
 import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
 import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
 import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
@@ -47,6 +46,7 @@ import com.x8bit.bitwarden.ui.platform.model.FeatureFlagsState
 import com.x8bit.bitwarden.ui.platform.util.isAccountSecurityShortcut
 import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
 import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
+import com.x8bit.bitwarden.ui.platform.util.isPremiumCheckoutCallback
 import com.x8bit.bitwarden.ui.vault.util.getTotpDataOrNull
 import dagger.hilt.android.lifecycle.HiltViewModel
 import kotlinx.coroutines.FlowPreview
@@ -54,6 +54,7 @@ import kotlinx.coroutines.flow.debounce
 import kotlinx.coroutines.flow.distinctUntilChanged
 import kotlinx.coroutines.flow.drop
 import kotlinx.coroutines.flow.filter
+import kotlinx.coroutines.flow.filterNotNull
 import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.map
@@ -77,10 +78,11 @@ private const val ANIMATION_DEBOUNCE_DELAY_MS = 500L
 class MainViewModel @Inject constructor(
     accessibilitySelectionManager: AccessibilitySelectionManager,
     autofillSelectionManager: AutofillSelectionManager,
+    cookieAcquisitionRequestManager: CookieAcquisitionRequestManager,
     private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
     private val specialCircumstanceManager: SpecialCircumstanceManager,
     private val garbageCollectionManager: GarbageCollectionManager,
-    private val bitwardenCredentialManager: BitwardenCredentialManager,
+    private val credentialProviderRequestManager: CredentialProviderRequestManager,
     private val shareManager: ShareManager,
     private val settingsRepository: SettingsRepository,
     private val vaultRepository: VaultRepository,
@@ -164,6 +166,13 @@ class MainViewModel @Inject constructor(
             .onEach(::sendAction)
             .launchIn(viewModelScope)
 
+        cookieAcquisitionRequestManager
+            .cookieAcquisitionRequestFlow
+            .filterNotNull()
+            .map { MainAction.Internal.CookieAcquisitionReady }
+            .onEach(::sendAction)
+            .launchIn(viewModelScope)
+
         // On app launch, mark all active users as having previously logged in.
         // This covers any users who are active prior to this value being recorded.
         viewModelScope.launch {
@@ -188,6 +197,7 @@ class MainViewModel @Inject constructor(
             is MainAction.DuoResult -> handleDuoResult(action)
             is MainAction.SsoResult -> handleSsoResult(action)
             is MainAction.WebAuthnResult -> handleWebAuthnResult(action)
+            is MainAction.CookieAcquisitionResult -> handleCookieAcquisitionResult(action)
             is MainAction.Internal -> handleInternalAction(action)
         }
     }
@@ -209,6 +219,7 @@ class MainViewModel @Inject constructor(
             is MainAction.Internal.ScreenCaptureUpdate -> handleScreenCaptureUpdate(action)
             is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
             is MainAction.Internal.DynamicColorsUpdate -> handleDynamicColorsUpdate(action)
+            is MainAction.Internal.CookieAcquisitionReady -> handleCookieAcquisitionReady()
         }
     }
 
@@ -230,6 +241,12 @@ class MainViewModel @Inject constructor(
         authRepository.setWebAuthResult(webAuthResult = action.authResult.getWebAuthResult())
     }
 
+    private fun handleCookieAcquisitionResult(action: MainAction.CookieAcquisitionResult) {
+        authRepository.setCookieCallbackResult(
+            result = action.cookieCallbackResult.getCookieCallbackResult(),
+        )
+    }
+
     private fun handleAppResumeDataUpdated(action: MainAction.ResumeScreenDataReceived) {
         when (val data = action.screenResumeData) {
             null -> appResumeManager.clearResumeScreen()
@@ -273,6 +290,10 @@ class MainViewModel @Inject constructor(
         mutableStateFlow.update { it.copy(isDynamicColorsEnabled = action.isDynamicColorsEnabled) }
     }
 
+    private fun handleCookieAcquisitionReady() {
+        sendEvent(MainEvent.NavigateToCookieAcquisition)
+    }
+
     private fun handleFirstIntentReceived(action: MainAction.ReceiveFirstIntent) {
         handleIntent(
             intent = action.intent,
@@ -313,12 +334,11 @@ class MainViewModel @Inject constructor(
         val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
         val hasVaultShortcut = intent.isMyVaultShortcut
         val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
+        val hasPremiumCheckoutCallback = intent.isPremiumCheckoutCallback
         val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
-        val createCredentialRequest = intent.getCreateCredentialRequestOrNull()
-        val getCredentialsRequest = intent.getGetCredentialsRequestOrNull()
-        val fido2AssertCredentialRequest = intent.getFido2AssertionRequestOrNull()
-        val providerGetPasswordRequest = intent.getProviderGetPasswordRequestOrNull()
         val importCredentialsRequest = intent.getProviderImportCredentialsRequest()
+        val credentialProviderRequest =
+            credentialProviderRequestManager.getPendingCredentialRequest()
         when {
             passwordlessRequestData != null -> {
                 authRepository.activeUserId?.let {
@@ -376,57 +396,9 @@ class MainViewModel @Inject constructor(
                     )
             }
 
-            createCredentialRequest != null -> {
-                // Set the user's verification status when a new FIDO 2 request is received to force
-                // explicit verification if the user's vault is unlocked when the request is
-                // received.
-                bitwardenCredentialManager.isUserVerified =
-                    createCredentialRequest.isUserPreVerified
-
+            hasPremiumCheckoutCallback -> {
                 specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ProviderCreateCredential(
-                        createCredentialRequest = createCredentialRequest,
-                    )
-
-                // Switch accounts if the selected user is not the active user.
-                if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != createCredentialRequest.userId
-                ) {
-                    authRepository.switchAccount(createCredentialRequest.userId)
-                }
-            }
-
-            fido2AssertCredentialRequest != null -> {
-                // Set the user's verification status when a new FIDO 2 request is received to force
-                // explicit verification if the user's vault is unlocked when the request is
-                // received.
-                bitwardenCredentialManager.isUserVerified =
-                    fido2AssertCredentialRequest.isUserPreVerified
-
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.Fido2Assertion(
-                        fido2AssertionRequest = fido2AssertCredentialRequest,
-                    )
-            }
-
-            providerGetPasswordRequest != null -> {
-                // Set the user's verification status when a new GetPassword request is
-                // received to force explicit verification if the user's vault is
-                // unlocked when the request is received.
-                bitwardenCredentialManager.isUserVerified =
-                    providerGetPasswordRequest.isUserPreVerified
-
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ProviderGetPasswordRequest(
-                        passwordGetRequest = providerGetPasswordRequest,
-                    )
-            }
-
-            getCredentialsRequest != null -> {
-                specialCircumstanceManager.specialCircumstance =
-                    SpecialCircumstance.ProviderGetCredentials(
-                        getCredentialsRequest = getCredentialsRequest,
-                    )
+                    SpecialCircumstance.PremiumCheckoutResult
             }
 
             hasGeneratorShortcut -> {
@@ -448,10 +420,52 @@ class MainViewModel @Inject constructor(
                     SpecialCircumstance.CredentialExchangeExport(
                         data = ImportCredentialsRequestData(
                             uri = importCredentialsRequest.uri,
-                            requestJson = importCredentialsRequest.request.requestJson,
+                            credentialTypes = importCredentialsRequest.request.credentialTypes,
+                            knownExtensions = importCredentialsRequest.request.knownExtensions,
                         ),
                     )
             }
+
+            credentialProviderRequest != null -> {
+                handleCredentialRequest(credentialProviderRequest)
+            }
+        }
+    }
+
+    /**
+     * Handles a credential request relayed from [CredentialProviderActivity] via
+     * [CredentialProviderRequestManager].
+     *
+     * This method converts the [CredentialProviderRequest] into the appropriate
+     * [SpecialCircumstance] for routing by [RootNavViewModel]. The credential data is trusted
+     * because it was set by our own [CredentialProviderActivity] through the internal manager,
+     * not parsed from intent extras.
+     */
+    private fun handleCredentialRequest(request: CredentialProviderRequest) {
+        specialCircumstanceManager.specialCircumstance = when (request) {
+            is CredentialProviderRequest.CreateCredential -> {
+                SpecialCircumstance.ProviderCreateCredential(
+                    createCredentialRequest = request.request,
+                )
+            }
+
+            is CredentialProviderRequest.Fido2Assertion -> {
+                SpecialCircumstance.Fido2Assertion(
+                    fido2AssertionRequest = request.request,
+                )
+            }
+
+            is CredentialProviderRequest.GetPassword -> {
+                SpecialCircumstance.ProviderGetPasswordRequest(
+                    passwordGetRequest = request.request,
+                )
+            }
+
+            is CredentialProviderRequest.GetCredentials -> {
+                SpecialCircumstance.ProviderGetCredentials(
+                    getCredentialsRequest = request.request,
+                )
+            }
         }
     }
 
@@ -534,6 +548,13 @@ sealed class MainAction {
      */
     data class WebAuthnResult(val authResult: AuthTabIntent.AuthResult) : MainAction()
 
+    /**
+     * Receive the result from the cookie acquisition flow.
+     */
+    data class CookieAcquisitionResult(
+        val cookieCallbackResult: AuthTabIntent.AuthResult,
+    ) : MainAction()
+
     /**
      * Receive first Intent by the application.
      */
@@ -604,6 +625,12 @@ sealed class MainAction {
         data class DynamicColorsUpdate(
             val isDynamicColorsEnabled: Boolean,
         ) : Internal()
+
+        /**
+         * Indicates that the cookie acquisition conditions are met and navigation
+         * should proceed.
+         */
+        data object CookieAcquisitionReady : Internal()
     }
 }
 
@@ -633,6 +660,11 @@ sealed class MainEvent {
      */
     data object NavigateToDebugMenu : MainEvent()
 
+    /**
+     * Navigate to the cookie acquisition screen.
+     */
+    data object NavigateToCookieAcquisition : MainEvent()
+
     /**
      * Indicates that the app language has been updated.
      */

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt

@@ -124,6 +124,16 @@ interface AuthDiskSource : AppIdProvider {
      */
     fun storeUserKey(userId: String, userKey: String?)
 
+    /**
+     * Retrieves the local user data key for the given [userId].
+     */
+    fun getLocalUserDataKey(userId: String): String?
+
+    /**
+     * Stores the local user data key for a given [userId].
+     */
+    fun storeLocalUserDataKey(userId: String, wrappedKey: String?)
+
     /**
      * Retrieves a private key using a [userId].
      */
@@ -211,7 +221,7 @@ interface AuthDiskSource : AppIdProvider {
     /**
      * Gets the flow for the biometrics key for the given [userId].
      */
-    fun getUserBiometicUnlockKeyFlow(userId: String): Flow<String?>
+    fun getUserBiometricUnlockKeyFlow(userId: String): Flow<String?>
 
     /**
      * Retrieves a pin-protected user key for the given [userId].

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt

@@ -35,6 +35,7 @@ private const val REMEMBERED_ORG_IDENTIFIER_KEY = "rememberedOrgIdentifier"
 private const val STATE_KEY = "state"
 private const val INVALID_UNLOCK_ATTEMPTS_KEY = "invalidUnlockAttempts"
 private const val MASTER_KEY_ENCRYPTION_USER_KEY = "masterKeyEncryptedUserKey"
+private const val LOCAL_USER_DATA_KEY = "localUserDataKey"
 private const val MASTER_KEY_ENCRYPTION_PRIVATE_KEY = "encPrivateKey"
 private const val PIN_PROTECTED_USER_KEY_KEY = "pinKeyEncryptedUserKey"
 private const val PIN_PROTECTED_USER_KEY_KEY_ENVELOPE = "pinKeyEncryptedUserKeyEnvelope"
@@ -144,10 +145,8 @@ class AuthDiskSourceImpl(
     override fun clearData(userId: String) {
         storeInvalidUnlockAttempts(userId = userId, invalidUnlockAttempts = null)
         storeUserKey(userId = userId, userKey = null)
+        storeLocalUserDataKey(userId = userId, wrappedKey = null)
         storeUserAutoUnlockKey(userId = userId, userAutoUnlockKey = null)
-        storePinProtectedUserKey(userId = userId, pinProtectedUserKey = null)
-        storePinProtectedUserKeyEnvelope(userId = userId, pinProtectedUserKeyEnvelope = null)
-        storeEncryptedPin(userId = userId, encryptedPin = null)
         storePrivateKey(userId = userId, privateKey = null)
         storeAccountKeys(userId = userId, accountKeys = null)
         storeOrganizationKeys(userId = userId, organizationKeys = null)
@@ -162,10 +161,14 @@ class AuthDiskSourceImpl(
         storeAuthenticatorSyncUnlockKey(userId = userId, authenticatorSyncUnlockKey = null)
         storeShowImportLogins(userId = userId, showImportLogins = null)
         storeLastLockTimestamp(userId = userId, lastLockTimestamp = null)
+        storeEncryptedPin(userId = userId, encryptedPin = null)
+        storePinProtectedUserKey(userId = userId, pinProtectedUserKey = null)
+        storePinProtectedUserKeyEnvelope(userId = userId, pinProtectedUserKeyEnvelope = null)
 
-        // Do not remove the DeviceKey or PendingAuthRequest on logout, these are persisted
-        // indefinitely unless the TDE flow explicitly removes them.
-        // Do not remove OnboardingStatus we want to keep track of this even after logout.
+        // Certain values are never removed as required by the feature requirements:
+        // * DeviceKey
+        // * PendingAuthRequest
+        // * OnboardingStatus
     }
 
     override fun getAuthenticatorSyncUnlockKey(userId: String): String? =
@@ -236,6 +239,13 @@ class AuthDiskSourceImpl(
         )
     }
 
+    override fun getLocalUserDataKey(userId: String): String? =
+        getString(key = LOCAL_USER_DATA_KEY.appendIdentifier(userId))
+
+    override fun storeLocalUserDataKey(userId: String, wrappedKey: String?) {
+        putString(key = LOCAL_USER_DATA_KEY.appendIdentifier(userId), value = wrappedKey)
+    }
+
     @Deprecated("Use getAccountKeys instead.", replaceWith = ReplaceWith("getAccountKeys"))
     override fun getPrivateKey(userId: String): String? =
         getString(key = MASTER_KEY_ENCRYPTION_PRIVATE_KEY.appendIdentifier(userId))
@@ -330,7 +340,7 @@ class AuthDiskSourceImpl(
         getMutableBiometricUnlockKeyFlow(userId).tryEmit(biometricsKey)
     }
 
-    override fun getUserBiometicUnlockKeyFlow(userId: String): Flow<String?> =
+    override fun getUserBiometricUnlockKeyFlow(userId: String): Flow<String?> =
         getMutableBiometricUnlockKeyFlow(userId)
             .onSubscription { emit(getUserBiometricUnlockKey(userId = userId)) }
 
@@ -372,7 +382,10 @@ class AuthDiskSourceImpl(
         inMemoryOnly: Boolean,
     ) {
         inMemoryPinProtectedUserKeyEnvelopes[userId] = pinProtectedUserKeyEnvelope
-        if (inMemoryOnly) return
+        if (inMemoryOnly) {
+            getMutablePinProtectedUserKeyEnvelopeFlow(userId).tryEmit(pinProtectedUserKeyEnvelope)
+            return
+        }
         putString(
             key = PIN_PROTECTED_USER_KEY_KEY_ENVELOPE.appendIdentifier(userId),
             value = pinProtectedUserKeyEnvelope,

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/model/AccountJson.kt

@@ -8,7 +8,7 @@ import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
 import kotlinx.serialization.json.JsonNames
-import java.time.ZonedDateTime
+import java.time.Instant
 
 /**
  * Represents the current account information for a given user.
@@ -37,8 +37,8 @@ data class AccountJson(
      *
      * @property userId The ID of the user.
      * @property email The user's email address.
-     * @property isEmailVerified Whether or not the user's email is verified.
-     * @property isTwoFactorEnabled If the profile has two factor authentication enabled.
+     * @property isEmailVerified Whether the user's email is verified.
+     * @property isTwoFactorEnabled If the profile has two-factor authentication enabled.
      * @property name The user's name (if applicable).
      * @property stamp The account's security stamp (if applicable).
      * @property organizationId The ID of the associated organization (if applicable).
@@ -103,7 +103,7 @@ data class AccountJson(
 
         @SerialName("creationDate")
         @Contextual
-        val creationDate: ZonedDateTime?,
+        val creationDate: Instant?,
     )
 
     /**

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/sdk/AuthSdkSourceImpl.kt

@@ -30,7 +30,7 @@ class AuthSdkSourceImpl(
         getClient()
             .auth()
             .newAuthRequest(
-                email = email,
+                email = email.lowercase(),
             )
     }
 
@@ -42,7 +42,7 @@ class AuthSdkSourceImpl(
             .platform()
             .fingerprint(
                 req = FingerprintRequest(
-                    fingerprintMaterial = email,
+                    fingerprintMaterial = email.lowercase(),
                     publicKey = publicKey,
                 ),
             )

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt

@@ -28,7 +28,6 @@ import kotlinx.coroutines.flow.flow
 import kotlinx.coroutines.isActive
 import java.time.Clock
 import javax.inject.Singleton
-import kotlin.coroutines.coroutineContext
 
 private const val PASSWORDLESS_NOTIFICATION_TIMEOUT_MILLIS: Long = 15L * 60L * 1_000L
 private const val PASSWORDLESS_NOTIFICATION_RETRY_INTERVAL_MILLIS: Long = 4L * 1_000L
@@ -129,7 +128,6 @@ class AuthRequestManagerImpl(
 
                             updateAuthRequest
                                 .creationDate
-                                .toInstant()
                                 .plusMillis(PASSWORDLESS_NOTIFICATION_TIMEOUT_MILLIS)
                                 .isBefore(clock.instant()) -> {
                                 clearPendingAuthRequest()
@@ -163,7 +161,7 @@ class AuthRequestManagerImpl(
         emit(result)
         if (result is AuthRequestUpdatesResult.Error) return@flow
         var isComplete = false
-        while (coroutineContext.isActive && !isComplete) {
+        while (currentCoroutineContext().isActive && !isComplete) {
             delay(PASSWORDLESS_APPROVER_INTERVAL_MILLIS)
             val updateResult = result as AuthRequestUpdatesResult.Update
             authRequestsService
@@ -200,7 +198,6 @@ class AuthRequestManagerImpl(
 
                             updateAuthRequest
                                 .creationDate
-                                .toInstant()
                                 .plusMillis(PASSWORDLESS_NOTIFICATION_TIMEOUT_MILLIS)
                                 .isBefore(clock.instant()) -> {
                                 isComplete = true

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt

@@ -49,14 +49,14 @@ class UserLogoutManagerImpl(
     override fun logout(userId: String, reason: LogoutReason) {
         authDiskSource.userState ?: return
         Timber.d("logout reason=$reason")
-        val isExpired = reason == LogoutReason.SecurityStamp
-        if (isExpired) {
+        val isSecurityStamp = reason == LogoutReason.SecurityStamp
+        if (isSecurityStamp) {
             showToast(message = BitwardenString.login_expired)
         }
 
         val ableToSwitchToNewAccount = switchUserIfAvailable(
             currentUserId = userId,
-            isExpired = isExpired,
+            isSecurityStamp = isSecurityStamp,
             removeCurrentUserFromAccounts = true,
         )
 
@@ -73,25 +73,24 @@ class UserLogoutManagerImpl(
 
     override fun softLogout(userId: String, reason: LogoutReason) {
         Timber.d("softLogout reason=$reason")
-        val isExpired = reason == LogoutReason.SecurityStamp
-        if (isExpired) {
+        val isSecurityStamp = reason == LogoutReason.SecurityStamp
+        if (isSecurityStamp) {
             showToast(message = BitwardenString.login_expired)
         }
-        authDiskSource.storeAccountTokens(
-            userId = userId,
-            accountTokens = null,
-        )
 
-        // Save any data that will still need to be retained after otherwise clearing all dat
+        // Save any data that will still need to be retained after otherwise clearing all data
         val vaultTimeoutInMinutes = settingsDiskSource.getVaultTimeoutInMinutes(userId = userId)
         val vaultTimeoutAction = settingsDiskSource.getVaultTimeoutAction(userId = userId)
-        val pinProtectedUserKeyEnvelope = authDiskSource
-            .getPinProtectedUserKeyEnvelope(userId = userId)
+        val encryptedPin = authDiskSource.getEncryptedPin(userId = userId)
+        val pinProtectedUserKey = authDiskSource.getPinProtectedUserKey(userId = userId)
+        val pinProtectedUserKeyEnvelope = authDiskSource.getPinProtectedUserKeyEnvelope(
+            userId = userId,
+        )
 
         switchUserIfAvailable(
             currentUserId = userId,
             removeCurrentUserFromAccounts = false,
-            isExpired = isExpired,
+            isSecurityStamp = isSecurityStamp,
         )
 
         clearData(userId = userId)
@@ -108,10 +107,14 @@ class UserLogoutManagerImpl(
                 vaultTimeoutAction = vaultTimeoutAction,
             )
         }
-        authDiskSource.storePinProtectedUserKeyEnvelope(
-            userId = userId,
-            pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
-        )
+        authDiskSource.apply {
+            storeEncryptedPin(userId = userId, encryptedPin = encryptedPin)
+            storePinProtectedUserKey(userId = userId, pinProtectedUserKey = pinProtectedUserKey)
+            storePinProtectedUserKeyEnvelope(
+                userId = userId,
+                pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
+            )
+        }
     }
 
     private fun clearData(userId: String) {
@@ -133,7 +136,7 @@ class UserLogoutManagerImpl(
     private fun switchUserIfAvailable(
         currentUserId: String,
         removeCurrentUserFromAccounts: Boolean,
-        isExpired: Boolean = false,
+        isSecurityStamp: Boolean,
     ): Boolean {
         val currentUserState = authDiskSource.userState ?: return false
 
@@ -145,7 +148,7 @@ class UserLogoutManagerImpl(
 
         // Check if there is a new active user
         return if (updatedAccounts.isNotEmpty()) {
-            if (currentUserId == currentUserState.activeUserId && !isExpired) {
+            if (currentUserId == currentUserState.activeUserId && !isSecurityStamp) {
                 showToast(message = BitwardenString.account_switched_automatically)
             }
 

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/model/AuthRequest.kt

@@ -2,7 +2,7 @@ package com.x8bit.bitwarden.data.auth.manager.model
 
 import android.os.Parcelable
 import kotlinx.parcelize.Parcelize
-import java.time.ZonedDateTime
+import java.time.Instant
 
 /**
  * Represents a Login Approval request.
@@ -27,8 +27,8 @@ data class AuthRequest(
     val ipAddress: String,
     val key: String?,
     val masterPasswordHash: String?,
-    val creationDate: ZonedDateTime,
-    val responseDate: ZonedDateTime?,
+    val creationDate: Instant,
+    val responseDate: Instant?,
     val requestApproved: Boolean,
     val originUrl: String,
     val fingerprint: String,

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/model/CreateAuthRequestResult.kt

@@ -12,7 +12,7 @@ sealed class CreateAuthRequestResult {
     ) : CreateAuthRequestResult()
 
     /**
-     * Models the data returned when a auth request has been approved.
+     * Models the data returned when an auth request has been approved.
      */
     data class Success(
         val authRequest: AuthRequest,
@@ -21,7 +21,7 @@ sealed class CreateAuthRequestResult {
     ) : CreateAuthRequestResult()
 
     /**
-     * There was a generic error getting the user's auth requests.
+     * There was a generic error creating the auth request.
      */
     data class Error(
         val error: Throwable,

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt

@@ -1,7 +1,6 @@
 package com.x8bit.bitwarden.data.auth.repository
 
 import com.bitwarden.network.model.GetTokenResponseJson
-import com.bitwarden.network.model.SyncResponseJson
 import com.bitwarden.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
@@ -17,6 +16,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.LeaveOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.LoginResult
 import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.auth.repository.model.NewSsoUserResult
+import com.x8bit.bitwarden.data.auth.repository.model.Organization
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordHintResult
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordStrengthResult
 import com.x8bit.bitwarden.data.auth.repository.model.PolicyInformation
@@ -26,6 +26,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.RemovePasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.RequestOtpResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResendEmailResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResetPasswordResult
+import com.x8bit.bitwarden.data.auth.repository.model.RevokeFromOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.SendVerificationEmailResult
 import com.x8bit.bitwarden.data.auth.repository.model.SetPasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
@@ -33,21 +34,24 @@ import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePinResult
 import com.x8bit.bitwarden.data.auth.repository.model.VerifiedOrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.VerifyOtpResult
+import com.x8bit.bitwarden.data.auth.repository.util.CookieCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.DuoCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.SsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.WebAuthResult
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.platform.datasource.network.authenticator.AuthenticatorProvider
+import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.StateFlow
 
 /**
- * Provides an API for observing an modifying authentication state.
+ * Provides an API for observing and modifying authentication state.
  */
 @Suppress("TooManyFunctions")
 interface AuthRepository :
     AuthenticatorProvider,
     AuthRequestManager,
+    BiometricsEncryptionManager,
     KdfManager,
     UserStateManager {
     /**
@@ -67,6 +71,12 @@ interface AuthRepository :
      */
     val ssoCallbackResultFlow: Flow<SsoCallbackResult>
 
+    /**
+     * Flow of the current [CookieCallbackResult]. Subscribers should listen to the flow in order
+     * to receive updates whenever [setCookieCallbackResult] is called.
+     */
+    val cookieCallbackResultFlow: Flow<CookieCallbackResult>
+
     /**
      * Flow of the current [YubiKeyResult]. Subscribers should listen to the flow in order to
      * receive updates whenever [setYubiKeyResult] is called.
@@ -123,10 +133,10 @@ interface AuthRepository :
     /**
      * The organization for the active user.
      */
-    val organizations: List<SyncResponseJson.Profile.Organization>
+    val organizations: List<Organization>
 
     /**
-     * Whether or not the welcome carousel should be displayed, based on the feature flag and
+     * Whether the welcome carousel should be displayed, based on the feature flag and
      * whether the user has ever logged in or created an account before.
      */
     val showWelcomeCarousel: Boolean
@@ -280,7 +290,7 @@ interface AuthRepository :
     ): PasswordHintResult
 
     /**
-     * Removes the users password from the account. This used used when migrating from master
+     * Removes the users password from the account. This is used when migrating from master
      * password login to key connector login.
      */
     suspend fun removePassword(masterPassword: String): RemovePasswordResult
@@ -339,6 +349,11 @@ interface AuthRepository :
      */
     fun setSsoCallbackResult(result: SsoCallbackResult)
 
+    /**
+     * Set the value of [cookieCallbackResultFlow].
+     */
+    fun setCookieCallbackResult(result: CookieCallbackResult)
+
     /**
      * Get a [Boolean] indicating whether this is a known device.
      */
@@ -357,14 +372,14 @@ interface AuthRepository :
     suspend fun getPasswordStrength(email: String? = null, password: String): PasswordStrengthResult
 
     /**
-     * Validates the master password for the current logged in user.
+     * Validates the master password for the current logged-in user.
      */
     suspend fun validatePassword(password: String): ValidatePasswordResult
 
     /**
-     * Validates the PIN for the current logged in user.
+     * Validates the PIN for the current logged-in user.
      */
-    suspend fun validatePin(pin: String): ValidatePinResult
+    suspend fun validatePinUserKey(pin: String): ValidatePinResult
 
     /**
      * Validates the given [password] against the master password
@@ -382,7 +397,7 @@ interface AuthRepository :
     ): SendVerificationEmailResult
 
     /**
-     * Validates the given [token] for the given [email]. Part of th new account registration flow.
+     * Validates the given [token] for the given [email]. Part of the new account registration flow.
      */
     suspend fun validateEmailToken(
         email: String,
@@ -400,4 +415,11 @@ interface AuthRepository :
     suspend fun leaveOrganization(
         organizationId: String,
     ): LeaveOrganizationResult
+
+    /**
+     * Revokes self from the organization that matches the given [organizationId]
+     */
+    suspend fun revokeFromOrganization(
+        organizationId: String,
+    ): RevokeFromOrganizationResult
 }

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt

@@ -2,7 +2,11 @@ package com.x8bit.bitwarden.data.auth.repository
 
 import com.bitwarden.core.AuthRequestMethod
 import com.bitwarden.core.InitUserCryptoMethod
+import com.bitwarden.core.RegisterTdeKeyResponse
+import com.bitwarden.core.WrappedAccountCryptographicState
 import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
+import com.bitwarden.core.data.manager.toast.ToastManager
+import com.bitwarden.core.data.repository.error.MissingPropertyException
 import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
 import com.bitwarden.core.data.util.asFailure
 import com.bitwarden.core.data.util.asSuccess
@@ -10,8 +14,10 @@ import com.bitwarden.core.data.util.flatMap
 import com.bitwarden.crypto.HashPurpose
 import com.bitwarden.crypto.Kdf
 import com.bitwarden.data.datasource.disk.ConfigDiskSource
+import com.bitwarden.data.repository.util.appLinksScheme
 import com.bitwarden.data.repository.util.toEnvironmentUrls
 import com.bitwarden.data.repository.util.toEnvironmentUrlsOrDefault
+import com.bitwarden.network.model.CreateAccountKeysResponseJson
 import com.bitwarden.network.model.DeleteAccountResponseJson
 import com.bitwarden.network.model.GetTokenResponseJson
 import com.bitwarden.network.model.IdentityTokenAuthModel
@@ -43,6 +49,7 @@ import com.bitwarden.network.service.HaveIBeenPwnedService
 import com.bitwarden.network.service.IdentityService
 import com.bitwarden.network.service.OrganizationService
 import com.bitwarden.network.util.isSslHandShakeError
+import com.bitwarden.ui.platform.resource.BitwardenString
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
@@ -68,6 +75,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.LeaveOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.LoginResult
 import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.auth.repository.model.NewSsoUserResult
+import com.x8bit.bitwarden.data.auth.repository.model.Organization
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordHintResult
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordStrengthResult
 import com.x8bit.bitwarden.data.auth.repository.model.PolicyInformation
@@ -77,6 +85,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.RemovePasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.RequestOtpResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResendEmailResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResetPasswordResult
+import com.x8bit.bitwarden.data.auth.repository.model.RevokeFromOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.SendVerificationEmailResult
 import com.x8bit.bitwarden.data.auth.repository.model.SetPasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
@@ -86,11 +95,13 @@ import com.x8bit.bitwarden.data.auth.repository.model.ValidatePinResult
 import com.x8bit.bitwarden.data.auth.repository.model.VerifiedOrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.VerifyOtpResult
 import com.x8bit.bitwarden.data.auth.repository.model.toLoginErrorResult
+import com.x8bit.bitwarden.data.auth.repository.util.CookieCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.DuoCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.SsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.WebAuthResult
 import com.x8bit.bitwarden.data.auth.repository.util.activeUserIdChangesFlow
 import com.x8bit.bitwarden.data.auth.repository.util.policyInformation
+import com.x8bit.bitwarden.data.auth.repository.util.toOrganizations
 import com.x8bit.bitwarden.data.auth.repository.util.toRemovedPasswordUserStateJson
 import com.x8bit.bitwarden.data.auth.repository.util.toSdkParams
 import com.x8bit.bitwarden.data.auth.repository.util.toUserState
@@ -100,8 +111,8 @@ import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants.DEFAULT_PBKDF2_ITER
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.auth.util.toSdkParams
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
-import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
 import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
+import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
@@ -112,6 +123,7 @@ import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockError
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockResult
+import com.x8bit.bitwarden.data.vault.repository.util.createWrappedAccountCryptographicState
 import com.x8bit.bitwarden.data.vault.repository.util.toSdkMasterPasswordUnlock
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -157,17 +169,20 @@ class AuthRepositoryImpl(
     private val settingsRepository: SettingsRepository,
     private val vaultRepository: VaultRepository,
     private val authRequestManager: AuthRequestManager,
+    private val biometricsEncryptionManager: BiometricsEncryptionManager,
     private val keyConnectorManager: KeyConnectorManager,
     private val trustedDeviceManager: TrustedDeviceManager,
     private val userLogoutManager: UserLogoutManager,
     private val policyManager: PolicyManager,
     private val userStateManager: UserStateManager,
     private val kdfManager: KdfManager,
+    private val toastManager: ToastManager,
     logsManager: LogsManager,
     pushManager: PushManager,
     dispatcherManager: DispatcherManager,
 ) : AuthRepository,
     AuthRequestManager by authRequestManager,
+    BiometricsEncryptionManager by biometricsEncryptionManager,
     KdfManager by kdfManager,
     UserStateManager by userStateManager {
     /**
@@ -255,6 +270,10 @@ class AuthRepositoryImpl(
     override val ssoCallbackResultFlow: Flow<SsoCallbackResult> =
         mutableSsoCallbackResultFlow.asSharedFlow()
 
+    private val mutableCookieCallbackResultFlow = bufferedMutableSharedFlow<CookieCallbackResult>()
+    override val cookieCallbackResultFlow: Flow<CookieCallbackResult> =
+        mutableCookieCallbackResultFlow.asSharedFlow()
+
     override var rememberedEmailAddress: String? by authDiskSource::rememberedEmailAddress
 
     override var rememberedOrgIdentifier: String? by authDiskSource::rememberedOrgIdentifier
@@ -280,8 +299,11 @@ class AuthRepositoryImpl(
             ?.profile
             ?.forcePasswordResetReason
 
-    override val organizations: List<SyncResponseJson.Profile.Organization>
-        get() = activeUserId?.let { authDiskSource.getOrganizations(it) }.orEmpty()
+    override val organizations: List<Organization>
+        get() = activeUserId
+            ?.let { authDiskSource.getOrganizations(it) }
+            .orEmpty()
+            .toOrganizations()
 
     override val showWelcomeCarousel: Boolean
         get() = !settingsRepository.hasUserLoggedInOrCreatedAccount
@@ -454,42 +476,32 @@ class AuthRepositoryImpl(
                                 .getShouldTrustDevice(userId = userId) == true,
                         )
                     }
-                    .flatMap { keys ->
+                    .flatMap { registerTdeKeyResponse ->
                         accountsService
                             .createAccountKeys(
-                                publicKey = keys.publicKey,
-                                encryptedPrivateKey = keys.privateKey,
+                                publicKey = registerTdeKeyResponse.publicKey,
+                                encryptedPrivateKey = registerTdeKeyResponse.privateKey,
                             )
-                            .map { keys }
+                            .map { createAccountKeysResponse ->
+                                registerTdeKeyResponse to createAccountKeysResponse
+                            }
                     }
-                    .flatMap { keys ->
+                    .flatMap { (registerTdeKeyResponse, createAccountKeysResponse) ->
                         organizationService
                             .organizationResetPasswordEnroll(
                                 organizationId = orgAutoEnrollStatus.organizationId,
                                 userId = userId,
                                 passwordHash = null,
-                                resetPasswordKey = keys.adminReset,
+                                resetPasswordKey = registerTdeKeyResponse.adminReset,
                             )
-                            .map { keys }
+                            .map { registerTdeKeyResponse to createAccountKeysResponse }
                     }
-                    .onSuccess { keys ->
-                        // TDE and SSO user creation still uses crypto-v1. These users are not
-                        // expected to have the AEAD keys so we only store the private key for now.
-                        // See https://github.com/bitwarden/android/pull/5682#discussion_r2273940332
-                        // for more details.
-                        authDiskSource.storePrivateKey(
+                    .onSuccess { (registerTdeKeyResponse, createAccountKeysResponse) ->
+                        createNewSsoUserSuccess(
                             userId = userId,
-                            privateKey = keys.privateKey,
+                            createAccountKeysResponse = createAccountKeysResponse,
+                            registerTdeKeyResponse = registerTdeKeyResponse,
                         )
-                        // Order matters here, we need to make sure that the vault is unlocked
-                        // before we trust the device, to avoid state-base navigation issues.
-                        vaultRepository.syncVaultState(userId = userId)
-                        keys.deviceKey?.let { trustDeviceResponse ->
-                            trustedDeviceManager.trustThisDevice(
-                                userId = userId,
-                                trustDeviceResponse = trustDeviceResponse,
-                            )
-                        }
                     }
             }
             .fold(
@@ -498,6 +510,37 @@ class AuthRepositoryImpl(
             )
     }
 
+    /**
+     * Stores all the relevant data from a successful creation of an SSO user. The data is stored
+     * while in an [UserStateManager.userStateTransaction] to ensure the `UserState` is only
+     * updated once after data stored.
+     */
+    private suspend fun createNewSsoUserSuccess(
+        userId: String,
+        createAccountKeysResponse: CreateAccountKeysResponseJson,
+        registerTdeKeyResponse: RegisterTdeKeyResponse,
+    ): Unit = userStateManager.userStateTransaction {
+        authDiskSource.storeAccountKeys(
+            userId = userId,
+            accountKeys = createAccountKeysResponse.accountKeys,
+        )
+        // TDE and SSO user creation still uses crypto-v1. These users are not
+        // expected to have the AEAD keys so we only store the private key for now.
+        // See https://github.com/bitwarden/android/pull/5682#discussion_r2273940332
+        // for more details.
+        authDiskSource.storePrivateKey(
+            userId = userId,
+            privateKey = registerTdeKeyResponse.privateKey,
+        )
+        vaultRepository.syncVaultState(userId = userId)
+        registerTdeKeyResponse.deviceKey?.let { trustDeviceResponse ->
+            trustedDeviceManager.trustThisDevice(
+                userId = userId,
+                trustDeviceResponse = trustDeviceResponse,
+            )
+        }
+    }
+
     override suspend fun completeTdeLogin(
         requestPrivateKey: String,
         asymmetricalKey: String,
@@ -514,6 +557,7 @@ class AuthRepositoryImpl(
             )
         val signingKey = accountKeys?.signatureKeyPair?.wrappedSigningKey
         val securityState = accountKeys?.securityState?.securityState
+        val signedPublicKey = accountKeys?.publicKeyEncryptionKeyPair?.signedPublicKey
 
         checkForVaultUnlockError(
             onVaultUnlockError = { error ->
@@ -521,10 +565,13 @@ class AuthRepositoryImpl(
             },
         ) {
             unlockVault(
+                accountCryptographicState = createWrappedAccountCryptographicState(
+                    privateKey = privateKey,
+                    securityState = securityState,
+                    signingKey = signingKey,
+                    signedPublicKey = signedPublicKey,
+                ),
                 accountProfile = profile,
-                privateKey = privateKey,
-                signingKey = signingKey,
-                securityState = securityState,
                 initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
                     requestPrivateKey = requestPrivateKey,
                     method = AuthRequestMethod.UserKey(protectedUserKey = asymmetricalKey),
@@ -691,18 +738,27 @@ class AuthRepositoryImpl(
                 when (refreshTokenResponse) {
                     is RefreshTokenResponseJson.Error -> {
                         if (refreshTokenResponse.isInvalidGrant) {
-                            logout(userId = userId, reason = LogoutReason.InvalidGrant)
+                            userLogoutManager.softLogout(
+                                userId = userId,
+                                reason = LogoutReason.InvalidGrant,
+                            )
                         }
                         IllegalStateException(refreshTokenResponse.error).asFailure()
                     }
 
                     is RefreshTokenResponseJson.Forbidden -> {
-                        logout(userId = userId, reason = LogoutReason.RefreshForbidden)
+                        userLogoutManager.softLogout(
+                            userId = userId,
+                            reason = LogoutReason.RefreshForbidden,
+                        )
                         refreshTokenResponse.error.asFailure()
                     }
 
                     is RefreshTokenResponseJson.Unauthorized -> {
-                        logout(userId = userId, reason = LogoutReason.RefreshUnauthorized)
+                        userLogoutManager.softLogout(
+                            userId = userId,
+                            reason = LogoutReason.RefreshUnauthorized,
+                        )
                         refreshTokenResponse.error.asFailure()
                     }
 
@@ -942,8 +998,8 @@ class AuthRepositoryImpl(
         val keyConnectorUrl = organizations
             .find {
                 it.shouldUseKeyConnector &&
-                    it.type != OrganizationType.OWNER &&
-                    it.type != OrganizationType.ADMIN
+                    it.role != OrganizationType.OWNER &&
+                    it.role != OrganizationType.ADMIN
             }
             ?.keyConnectorUrl
             ?: return RemovePasswordResult.Error(
@@ -1005,9 +1061,10 @@ class AuthRepositoryImpl(
                     onSuccess = { it },
                 )
         }
+        val userId = activeAccount.profile.userId
         return vaultSdkSource
             .updatePassword(
-                userId = activeAccount.profile.userId,
+                userId = userId,
                 newPassword = newPassword,
             )
             .flatMap { updatePasswordResponse ->
@@ -1033,14 +1090,15 @@ class AuthRepositoryImpl(
                         )
                         .onSuccess { passwordHash ->
                             authDiskSource.storeMasterPasswordHash(
-                                userId = activeAccount.profile.userId,
+                                userId = userId,
                                 passwordHash = passwordHash,
                             )
                         }
 
+                    toastManager.show(BitwardenString.updated_master_password)
                     // Log out the user after successful password reset.
                     // This clears all user state including forcePasswordResetReason.
-                    logout(reason = LogoutReason.PasswordReset)
+                    logout(reason = LogoutReason.PasswordReset, userId = userId)
 
                     // Return the success.
                     ResetPasswordResult.Success
@@ -1205,6 +1263,10 @@ class AuthRepositoryImpl(
         mutableSsoCallbackResultFlow.tryEmit(result)
     }
 
+    override fun setCookieCallbackResult(result: CookieCallbackResult) {
+        mutableCookieCallbackResultFlow.tryEmit(result)
+    }
+
     override suspend fun getIsKnownDevice(emailAddress: String): KnownDeviceResult =
         devicesService
             .getIsKnownDevice(
@@ -1287,7 +1349,7 @@ class AuthRepositoryImpl(
             }
     }
 
-    override suspend fun validatePin(pin: String): ValidatePinResult {
+    override suspend fun validatePinUserKey(pin: String): ValidatePinResult {
         val activeAccount = authDiskSource
             .userState
             ?.activeAccount
@@ -1296,13 +1358,13 @@ class AuthRepositoryImpl(
         val pinProtectedUserKeyEnvelope = authDiskSource
             .getPinProtectedUserKeyEnvelope(userId = activeAccount.userId)
             ?: return ValidatePinResult.Error(
-                error = MissingPropertyException("Pin Protected User Key"),
+                error = MissingPropertyException("Pin Protected User Key Envelope"),
             )
         return vaultSdkSource
-            .validatePin(
+            .validatePinUserKey(
                 userId = activeAccount.userId,
                 pin = pin,
-                pinProtectedUserKey = pinProtectedUserKeyEnvelope,
+                pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
             )
             .fold(
                 onSuccess = { ValidatePinResult.Success(isValid = it) },
@@ -1356,10 +1418,10 @@ class AuthRepositoryImpl(
             )
             .fold(
                 onSuccess = {
-                    when (val json = it) {
+                    when (it) {
                         VerifyEmailTokenResponseJson.Valid -> EmailTokenResult.Success
                         is VerifyEmailTokenResponseJson.Invalid -> {
-                            EmailTokenResult.Error(message = json.message, error = null)
+                            EmailTokenResult.Error(message = it.message, error = null)
                         }
 
                         VerifyEmailTokenResponseJson.TokenExpired -> EmailTokenResult.Expired
@@ -1384,6 +1446,14 @@ class AuthRepositoryImpl(
             onFailure = { LeaveOrganizationResult.Error(error = it) },
         )
 
+    override suspend fun revokeFromOrganization(
+        organizationId: String,
+    ): RevokeFromOrganizationResult =
+        organizationService.revokeFromOrganization(organizationId).fold(
+            onSuccess = { RevokeFromOrganizationResult.Success },
+            onFailure = { RevokeFromOrganizationResult.Error(error = it) },
+        )
+
     @Suppress("CyclomaticComplexMethod")
     private suspend fun validatePasswordAgainstPolicy(
         password: String,
@@ -1522,6 +1592,7 @@ class AuthRepositoryImpl(
     ): LoginResult = identityService
         .getToken(
             uniqueAppId = authDiskSource.uniqueAppId,
+            deeplinkScheme = environmentRepository.environment.environmentUrlData.appLinksScheme,
             email = email,
             authModel = authModel,
             twoFactorData = twoFactorData ?: getRememberedTwoFactorData(email),
@@ -1806,14 +1877,23 @@ class AuthRepositoryImpl(
                 )
                 .map {
                     unlockVault(
+                        accountCryptographicState = createWrappedAccountCryptographicState(
+                            privateKey = privateKey,
+                            securityState = loginResponse.accountKeys
+                                ?.securityState
+                                ?.securityState,
+                            signingKey = loginResponse.accountKeys
+                                ?.signatureKeyPair
+                                ?.wrappedSigningKey,
+                            signedPublicKey = loginResponse.accountKeys
+                                ?.publicKeyEncryptionKeyPair
+                                ?.signedPublicKey,
+                        ),
                         accountProfile = profile,
-                        privateKey = privateKey,
                         initUserCryptoMethod = InitUserCryptoMethod.KeyConnector(
                             masterKey = it.masterKey,
                             userKey = key,
                         ),
-                        securityState = loginResponse.accountKeys?.securityState?.securityState,
-                        signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
                     )
                 }
                 .fold(
@@ -1834,11 +1914,21 @@ class AuthRepositoryImpl(
                     organizationIdentifier = orgIdentifier,
                 )
                 .map { keyConnectorResponse ->
+                    val accountKeys = loginResponse.accountKeys
                     val result = unlockVault(
+                        accountCryptographicState = createWrappedAccountCryptographicState(
+                            privateKey = keyConnectorResponse.keys.private,
+                            securityState = accountKeys
+                                ?.securityState
+                                ?.securityState,
+                            signingKey = accountKeys
+                                ?.signatureKeyPair
+                                ?.wrappedSigningKey,
+                            signedPublicKey = accountKeys
+                                ?.publicKeyEncryptionKeyPair
+                                ?.signedPublicKey,
+                        ),
                         accountProfile = profile,
-                        privateKey = keyConnectorResponse.keys.private,
-                        securityState = loginResponse.accountKeys?.securityState?.securityState,
-                        signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
                         initUserCryptoMethod = InitUserCryptoMethod.KeyConnector(
                             masterKey = keyConnectorResponse.masterKey,
                             userKey = keyConnectorResponse.encryptedUserKey,
@@ -1883,27 +1973,30 @@ class AuthRepositoryImpl(
         // Attempt to unlock the vault with password if possible.
         val masterPassword = password ?: return null
         val privateKey = loginResponse.privateKeyOrNull() ?: return null
-        val key = loginResponse.key ?: return null
 
-        val initUserCryptoMethod = loginResponse
+        val masterPasswordUnlock = loginResponse
             .userDecryptionOptions
             ?.masterPasswordUnlock
-            ?.let { masterPasswordUnlock ->
-                InitUserCryptoMethod.MasterPasswordUnlock(
-                    password = masterPassword,
-                    masterPasswordUnlock = masterPasswordUnlock.toSdkMasterPasswordUnlock(),
-                )
-            }
-            ?: InitUserCryptoMethod.Password(
-                password = masterPassword,
-                userKey = key,
-            )
+            ?: return null
+        val initUserCryptoMethod = InitUserCryptoMethod.MasterPasswordUnlock(
+            password = masterPassword,
+            masterPasswordUnlock = masterPasswordUnlock.toSdkMasterPasswordUnlock(),
+        )
 
         return unlockVault(
+            accountCryptographicState = createWrappedAccountCryptographicState(
+                privateKey = privateKey,
+                securityState = loginResponse.accountKeys
+                    ?.securityState
+                    ?.securityState,
+                signingKey = loginResponse.accountKeys
+                    ?.signatureKeyPair
+                    ?.wrappedSigningKey,
+                signedPublicKey = loginResponse.accountKeys
+                    ?.publicKeyEncryptionKeyPair
+                    ?.signedPublicKey,
+            ),
             accountProfile = profile,
-            privateKey = privateKey,
-            securityState = loginResponse.accountKeys?.securityState?.securityState,
-            signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
             initUserCryptoMethod = initUserCryptoMethod,
         )
     }
@@ -1911,6 +2004,7 @@ class AuthRepositoryImpl(
     /**
      * Attempt to unlock the current user's vault with trusted device specific data.
      */
+    @Suppress("LongMethod")
     private suspend fun unlockVaultWithTdeOnLoginSuccess(
         loginResponse: GetTokenResponseJson.Success,
         profile: AccountJson.Profile,
@@ -1923,10 +2017,19 @@ class AuthRepositoryImpl(
         if (privateKey != null && key != null) {
             deviceData?.let { model ->
                 return unlockVault(
+                    accountCryptographicState = createWrappedAccountCryptographicState(
+                        privateKey = privateKey,
+                        securityState = loginResponse.accountKeys
+                            ?.securityState
+                            ?.securityState,
+                        signingKey = loginResponse.accountKeys
+                            ?.signatureKeyPair
+                            ?.wrappedSigningKey,
+                        signedPublicKey = loginResponse.accountKeys
+                            ?.publicKeyEncryptionKeyPair
+                            ?.signedPublicKey,
+                    ),
                     accountProfile = profile,
-                    privateKey = privateKey,
-                    securityState = loginResponse.accountKeys?.securityState?.securityState,
-                    signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
                     initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
                         requestPrivateKey = model.privateKey,
                         method = model
@@ -1956,9 +2059,18 @@ class AuthRepositoryImpl(
                         unlockVaultWithTrustedDeviceUserDecryptionOptionsAndStoreKeys(
                             options = options,
                             profile = profile,
-                            privateKey = accountKeys.publicKeyEncryptionKeyPair.wrappedPrivateKey,
-                            securityState = accountKeys.securityState?.securityState,
-                            signingKey = accountKeys.signatureKeyPair?.wrappedSigningKey,
+                            privateKey = accountKeys
+                                .publicKeyEncryptionKeyPair
+                                .wrappedPrivateKey,
+                            securityState = accountKeys
+                                .securityState
+                                ?.securityState,
+                            signedPublicKey = accountKeys
+                                .publicKeyEncryptionKeyPair
+                                .signedPublicKey,
+                            signingKey = accountKeys
+                                .signatureKeyPair
+                                ?.wrappedSigningKey,
                         )
                     }
                     ?: loginResponse.privateKey
@@ -1968,6 +2080,7 @@ class AuthRepositoryImpl(
                                 profile = profile,
                                 privateKey = privateKey,
                                 securityState = null,
+                                signedPublicKey = null,
                                 signingKey = null,
                             )
                         }
@@ -1983,6 +2096,7 @@ class AuthRepositoryImpl(
         profile: AccountJson.Profile,
         privateKey: String,
         securityState: String?,
+        signedPublicKey: String?,
         signingKey: String?,
     ): VaultUnlockResult? {
         var vaultUnlockResult: VaultUnlockResult? = null
@@ -2000,10 +2114,13 @@ class AuthRepositoryImpl(
                     // For approved requests the key will always be present.
                     val userKey = requireNotNull(request.key)
                     vaultUnlockResult = unlockVault(
+                        accountCryptographicState = createWrappedAccountCryptographicState(
+                            privateKey = privateKey,
+                            securityState = securityState,
+                            signingKey = signingKey,
+                            signedPublicKey = signedPublicKey,
+                        ),
                         accountProfile = profile,
-                        privateKey = privateKey,
-                        signingKey = signingKey,
-                        securityState = securityState,
                         initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
                             requestPrivateKey = pendingRequest.requestPrivateKey,
                             method = AuthRequestMethod.UserKey(protectedUserKey = userKey),
@@ -2029,10 +2146,13 @@ class AuthRepositoryImpl(
         }
 
         vaultUnlockResult = unlockVault(
+            accountCryptographicState = createWrappedAccountCryptographicState(
+                privateKey = privateKey,
+                securityState = securityState,
+                signingKey = signingKey,
+                signedPublicKey = signedPublicKey,
+            ),
             accountProfile = profile,
-            privateKey = privateKey,
-            securityState = securityState,
-            signingKey = signingKey,
             initUserCryptoMethod = InitUserCryptoMethod.DeviceKey(
                 deviceKey = deviceKey,
                 protectedDevicePrivateKey = encryptedPrivateKey,
@@ -2050,20 +2170,16 @@ class AuthRepositoryImpl(
      * A helper function to unlock the vault for the user associated with the [accountProfile].
      */
     private suspend fun unlockVault(
+        accountCryptographicState: WrappedAccountCryptographicState,
         accountProfile: AccountJson.Profile,
-        privateKey: String,
-        securityState: String?,
-        signingKey: String?,
         initUserCryptoMethod: InitUserCryptoMethod,
     ): VaultUnlockResult {
         val userId = accountProfile.userId
         return vaultRepository.unlockVault(
+            accountCryptographicState = accountCryptographicState,
             userId = userId,
             email = accountProfile.email,
             kdf = accountProfile.toSdkParams(),
-            privateKey = privateKey,
-            signingKey = signingKey,
-            securityState = securityState,
             initUserCryptoMethod = initUserCryptoMethod,
             // The value for the organization keys here will typically be null. We can separately
             // unlock the vault for organization data after receiving the sync response if this

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt

@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.auth.repository.di
 
 import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
+import com.bitwarden.core.data.manager.toast.ToastManager
 import com.bitwarden.data.datasource.disk.ConfigDiskSource
 import com.bitwarden.network.service.AccountsService
 import com.bitwarden.network.service.DevicesService
@@ -19,6 +20,7 @@ import com.x8bit.bitwarden.data.auth.manager.UserStateManagerImpl
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.AuthRepositoryImpl
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
+import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
@@ -60,6 +62,7 @@ object AuthRepositoryModule {
         environmentRepository: EnvironmentRepository,
         settingsRepository: SettingsRepository,
         vaultRepository: VaultRepository,
+        biometricsEncryptionManager: BiometricsEncryptionManager,
         keyConnectorManager: KeyConnectorManager,
         authRequestManager: AuthRequestManager,
         trustedDeviceManager: TrustedDeviceManager,
@@ -69,6 +72,7 @@ object AuthRepositoryModule {
         logsManager: LogsManager,
         userStateManager: UserStateManager,
         kdfManager: KdfManager,
+        toastManager: ToastManager,
     ): AuthRepository = AuthRepositoryImpl(
         clock = clock,
         accountsService = accountsService,
@@ -85,6 +89,7 @@ object AuthRepositoryModule {
         environmentRepository = environmentRepository,
         settingsRepository = settingsRepository,
         vaultRepository = vaultRepository,
+        biometricsEncryptionManager = biometricsEncryptionManager,
         keyConnectorManager = keyConnectorManager,
         authRequestManager = authRequestManager,
         trustedDeviceManager = trustedDeviceManager,
@@ -94,6 +99,7 @@ object AuthRepositoryModule {
         logsManager = logsManager,
         userStateManager = userStateManager,
         kdfManager = kdfManager,
+        toastManager = toastManager,
     )
 
     @Provides

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/LeaveOrganizationResult.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.auth.repository.model
 
 /**
- * Models result of deleting an account.
+ * Models result of leaving an organization.
  */
 sealed class LeaveOrganizationResult {
     /**

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/Organization.kt

@@ -14,14 +14,16 @@ import com.bitwarden.network.model.OrganizationType
  * @property keyConnectorUrl The key connector domain (if applicable).
  * @property userIsClaimedByOrganization Indicates that the user is claimed by the organization.
  * @property limitItemDeletion Indicates that the organization limits item deletion.
+ * @property shouldUseEvents Indicates if the organization uses tracking events.
  */
 data class Organization(
     val id: String,
-    val name: String?,
+    val name: String,
     val shouldManageResetPassword: Boolean,
     val shouldUseKeyConnector: Boolean,
     val role: OrganizationType,
     val keyConnectorUrl: String?,
     val userIsClaimedByOrganization: Boolean,
-    val limitItemDeletion: Boolean = false,
+    val limitItemDeletion: Boolean,
+    val shouldUseEvents: Boolean,
 )

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/RevokeFromOrganizationResult.kt

@@ -0,0 +1,18 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+/**
+ * Models result of leaving an organization.
+ */
+sealed class RevokeFromOrganizationResult {
+    /**
+     * Revoke from organization succeeded.
+     */
+    data object Success : RevokeFromOrganizationResult()
+
+    /**
+     * There was an error revoking from the organization.
+     */
+    data class Error(
+        val error: Throwable?,
+    ) : RevokeFromOrganizationResult()
+}

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/UserAccountTokens.kt

@@ -9,7 +9,7 @@ data class UserAccountTokens(
     val refreshToken: String?,
 ) {
     /**
-     * Returns `true` if the user is logged in, `false otherwise.
+     * Returns `true` if the user is logged in, `false` otherwise.
      */
     val isLoggedIn: Boolean get() = accessToken != null
 }

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt

@@ -1,8 +1,10 @@
 package com.x8bit.bitwarden.data.auth.repository.model
 
 import com.bitwarden.data.repository.model.Environment
+import com.bitwarden.ui.platform.base.util.toHexColorRepresentation
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
+import java.time.Instant
 
 /**
  * Represents the overall "user state" of the current active user as well as any users that may be
@@ -43,7 +45,7 @@ data class UserState(
      * @property isPremium `true` if the account has a premium membership.
      * @property isLoggedIn `true` if the account is logged in, or `false` if it requires additional
      * authentication to view their vault.
-     * @property isVaultUnlocked Whether or not the user's vault is currently unlocked.
+     * @property isVaultUnlocked Whether the user's vault is currently unlocked.
      * @property needsPasswordReset If the user needs to reset their password.
      * @property needsMasterPassword Indicates whether the user needs to create a password (e.g.
      * they logged in using SSO and don't yet have one). NOTE: This should **not** be used to
@@ -55,6 +57,7 @@ data class UserState(
      * user's vault is enabled.
      * @property vaultUnlockType The mechanism by which the user's vault may be unlocked.
      * @property isUsingKeyConnector Indicates if the account is currently using a key connector.
+     * @property creationDate The date the account was created, if available.
      */
     data class Account(
         val userId: String,
@@ -76,6 +79,7 @@ data class UserState(
         val onboardingStatus: OnboardingStatus,
         val firstTimeState: FirstTimeState,
         val isExportable: Boolean,
+        val creationDate: Instant?,
     ) {
         /**
          * Indicates that the user does or does not have a means to manually unlock the vault.
@@ -96,4 +100,33 @@ data class UserState(
         val hasLoginApprovingDevice: Boolean,
         val hasResetPasswordPermission: Boolean,
     )
+
+    @Suppress("UndocumentedPublicClass")
+    companion object {
+        /**
+         * A basic empty account model.
+         */
+        val EMPTY_ACCOUNT: Account = Account(
+            userId = "",
+            name = null,
+            email = "",
+            avatarColorHex = "".toHexColorRepresentation(),
+            environment = Environment.Us,
+            isPremium = false,
+            isLoggedIn = false,
+            isVaultUnlocked = false,
+            needsPasswordReset = false,
+            organizations = emptyList(),
+            isBiometricsEnabled = false,
+            vaultUnlockType = VaultUnlockType.MASTER_PASSWORD,
+            needsMasterPassword = false,
+            hasMasterPassword = true,
+            trustedDevice = null,
+            isUsingKeyConnector = false,
+            onboardingStatus = OnboardingStatus.COMPLETE,
+            firstTimeState = FirstTimeState(),
+            isExportable = false,
+            creationDate = null,
+        )
+    }
 }

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/util/CookieUtils.kt

@@ -0,0 +1,83 @@
+package com.x8bit.bitwarden.data.auth.repository.util
+
+import android.content.Intent
+import android.net.Uri
+import android.os.Parcelable
+import androidx.browser.auth.AuthTabIntent
+import kotlinx.parcelize.Parcelize
+
+/** URI scheme for cookie vendor callback. */
+private const val COOKIE_CALLBACK_SCHEME: String = "bitwarden"
+
+/** URI host for cookie vendor callback. */
+private const val COOKIE_CALLBACK_HOST: String = "sso-cookie-vendor"
+
+/** Completeness marker parameter name (filtered from cookie extraction). */
+private const val COMPLETENESS_MARKER_PARAM = "d"
+
+/**
+ * Extracts cookie callback result from Intent.
+ * Handles both single and sharded cookie formats.
+ * Filters out the 'd' completeness marker parameter.
+ *
+ * @return [CookieCallbackResult] if this is a cookie callback, null otherwise.
+ */
+fun Intent.getCookieCallbackResultOrNull(): CookieCallbackResult? {
+    if (action != Intent.ACTION_VIEW) return null
+    val uri = data ?: return null
+    if (uri.scheme != COOKIE_CALLBACK_SCHEME) return null
+    if (uri.host != COOKIE_CALLBACK_HOST) return null
+    return uri.getCookieCallbackResult()
+}
+
+/**
+ * Retrieves a [CookieCallbackResult] from an [AuthTabIntent.AuthResult]. There are two possible
+ * cases.
+ *
+ * - [CookieCallbackResult.Success]: The URI is the cookie callback with correct data.
+ * - [CookieCallbackResult.MissingCookie]: The URI is the cookie callback with incorrect data or a
+ * failure has occurred.
+ */
+fun AuthTabIntent.AuthResult.getCookieCallbackResult(): CookieCallbackResult =
+    when (this.resultCode) {
+        AuthTabIntent.RESULT_OK -> this.resultUri.getCookieCallbackResult()
+        AuthTabIntent.RESULT_CANCELED -> CookieCallbackResult.MissingCookie
+        AuthTabIntent.RESULT_UNKNOWN_CODE -> CookieCallbackResult.MissingCookie
+        AuthTabIntent.RESULT_VERIFICATION_FAILED -> CookieCallbackResult.MissingCookie
+        AuthTabIntent.RESULT_VERIFICATION_TIMED_OUT -> CookieCallbackResult.MissingCookie
+        else -> CookieCallbackResult.MissingCookie
+    }
+
+private fun Uri?.getCookieCallbackResult(): CookieCallbackResult {
+    if (this == null) return CookieCallbackResult.MissingCookie
+    val cookies = queryParameterNames
+        .asSequence()
+        .filter { it != COMPLETENESS_MARKER_PARAM }
+        .mapNotNull { name ->
+            getQueryParameter(name)?.takeIf { it.isNotEmpty() }?.let { name to it }
+        }
+        .toMap()
+    return if (cookies.isEmpty()) {
+        CookieCallbackResult.MissingCookie
+    } else {
+        CookieCallbackResult.Success(cookies)
+    }
+}
+
+/**
+ * Represents the result of a cookie callback from a deep link.
+ */
+sealed class CookieCallbackResult : Parcelable {
+    /**
+     * The callback did not contain any cookies.
+     */
+    @Parcelize
+    data object MissingCookie : CookieCallbackResult()
+
+    /**
+     * Successfully extracted cookies from the callback.
+     * @param cookies Map of cookie name to cookie value. Supports sharded cookies.
+     */
+    @Parcelize
+    data class Success(val cookies: Map<String, String>) : CookieCallbackResult()
+}