* Update cargo.lock on windows
* Move ABE key decoding to helper.exe
* Safe slice operations (no panics)
* Refactor CNG code a bit
* Refactor CNG code a bit more
* Update README to match the new flow
* DRY up v1 and v2 decryption
* Remove all the crates and windows features that are not needed
* helper.exe split into a bunch of files
* Refator mod windows
* Minor cleanup
---------
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* limit port to internal communications
* A few more internal-only ports
* fixup tests
disabled tests that are now failing with a race condition.
* Remove autofill team review requirement
* [BRE-1281] Add formatting for changelog to strip bullet points in fastlane
* [BRE-1281] Change UI message in fastlane for original and formatted changelog
* add state definition
* create abstraction, no-op, and web service
* update service name to reflect file name
* create redirect guard and add to web route
* update service import
* [PM-27543] Cleanup premiumInterestRedirectGuard
* [PM-27543] Add tests for premium-interest-redirect guard
* [PM-27543] Undo change to billing docs
* [PM-27543] Add error handling to guard
* [PM-27543] Improve tests
* [PM-27543] Add callToAction query parameter
---------
Co-authored-by: Shane <smelton@bitwarden.com>
* Improve popout window UX for fullscreen macOS
Adds special handling for popout windows when the sender is in fullscreen mode on macOS. The sender window moves from fullscreen to maximized before opening the popout, and the new window is focused after creation to improve user experience.
* Add tests for fullscreen popout behavior on mac
added happy path and skip path tests
* Move popout window check before fullscreen logic
* Refactor openPopout tests for platform-specific fullscreen handling
* run prettier
---------
Co-authored-by: Addison Beck <github@addisonbeck.com>
* Added checks to on the sshkey view to prevent null fields
* Give default values to the template
* Give default values to the template
* change function signature to match ts-strct styles
* Added unit tests for the ssh key to view and replaced deafults to empty strings
* [PM-24469] Refactor CipherViewComponent to use Angular signals and computed properties for improved reactivity
* [PM-24469] Refactor CipherViewComponent to utilize Angular signals for organization data retrieval
* [PM-24469] Refactor CipherViewComponent to utilize Angular signals for folder data retrieval
* [PM-24469] Cleanup organization signal
* [PM-24469] Refactor CipherViewComponent to replace signal for card expiration with computed property
* [PM-24469] Improve collections loading in CipherViewComponent
* [PM-24469] Remove redundant loadCipherData method
* [PM-24469] Refactor CipherViewComponent to replace signal with computed property for pending change password tasks
* [PM-24469] Refactor LoginCredentialsViewComponent to rename hadPendingChangePasswordTask to showChangePasswordLink for clarity
* [PM-24469] Introduce showChangePasswordLink computed property for improved readability
* [PM-24469] Initial RI for premium logic
* [PM-24469] Refactor checkPassword risk checking logic
* [PM-24469] Cleanup premium check
* [PM-24469] Cleanup UI visuals
* [PM-24469] Fix missing typography import
* [PM-24469] Cleanup docs
* [PM-24469] Add feature flag
* [PM-24469] Ensure password risk check is only performed when the feature is enabled, and the cipher is editable by the user, and it has a password
* [PM-24469] Refactor password risk evaluation logic and add unit tests for risk assessment
* [PM-24469] Fix mismatched CipherId type
* [PM-24469] Fix test dependencies
* [PM-24469] Fix config service mock in emergency view dialog spec
* [PM-24469] Wait for decrypted vault before calculating cipher risk
* [PM-24469] startWith(false) for passwordIsAtRisk signal to avoid showing stale values when cipher changes
* [PM-24469] Exclude organization owned ciphers from JIT risk analysis
* [PM-24469] Add initial cipher-view component test boilerplate
* [PM-24469] Add passwordIsAtRisk signal tests
* [PM-24469] Ignore soft deleted items for RI for premium feature
* [PM-24469] Fix tests
* Desktop Autotype use managed object for IPC vault data payload
* claude feedback 1
* check for falsey values
* add unit test
* remove unecessary async
* helper result type
* dear claude
Creates a `PremiumInterestStateService` that manages state which conveys whether or not a user intends to setup a premium subscription. Implemented in Web only. No-op for other clients.
This will apply for users who began the registration process on https://bitwarden.com/go/start-premium/, which is a marketing page designed to streamline users who intend to setup a premium subscription after registration.
* feature flag
* new upgrade dialog component and moved pricing service into libs
first draft
* moved pricing service to libs/common
removed toast service from the pricing service and implemented error handling in calling components
# Conflicts:
# apps/web/src/app/billing/individual/upgrade/upgrade-payment/upgrade-payment.component.ts
* moved new premium upgrade dialog component to libs/angular
* badge opens new dialog in browser extension
* adds new dialog to desktop and fixes tests
* updates send dropdown to use premium prompt service
* styling and copy updates
* implement in web and desktop
* unit tests
* converting premium reports to use premium badge, and some cleanup
* fixes issue after merge
* linter errors
* pr feedback
* handle async promise correctly
* full sync after the premium upgrade is complete
* fixing test
* add padding to bottom of card in new dialog
* add support for self hosting
* fixing tests
* fix test
* Update has-premium.guard.ts
* pr feedback
* fix build and pr feedback
* fix build
* prettier
* fixing stories and making badge line height consistent
* pr feedback
* updated upgrade dialog to no longer use pricing card
* fixing incorrect markup and removing unused bits
* formatting
* pr feedback
removing unused message keys and adding back in code that was erroneously removed
* change detection
* close dialog when error
* claude pr feedback
* feat(dirt): add newApplications$ observable to orchestrator
Add reactive observable that filters applicationData for unreviewed apps
(reviewedDate === null). Observable automatically updates when report
state changes through the pipeline.
- Add newApplications$ observable with distinctUntilChanged
- Filters rawReportData$.data.applicationData
- Uses shareReplay for multi-subscriber efficiency
Related to PM-27284
* feat(dirt): add saveApplicationReviewStatus$ to orchestrator
Implement method to save application review status and critical flags.
Updates all applications where reviewedDate === null to set current date,
and marks selected applications as critical.
- Add saveApplicationReviewStatus$() method
- Add _updateReviewStatusAndCriticalFlags() helper
- Uses existing encryption and API update patterns
- Single API call for both review status and critical flags
- Follows same pattern as saveCriticalApplications$()
Related to PM-27284
* feat(dirt): expose newApplications$ in data service
Expose orchestrator's newApplications$ observable and save method
through RiskInsightsDataService facade. Maintains clean separation
between orchestrator (business logic) and components (UI).
- Expose newApplications$ observable
- Expose saveApplicationReviewStatus() delegation method
- Maintains facade pattern consistency
Related to PM-27284
* feat(dirt): make AllActivitiesService reactive to new applications
Update AllActivitiesService to subscribe to orchestrator's newApplications$
observable instead of receiving data through summary updates.
- Subscribe to dataService.newApplications$ in constructor
- Add setNewApplications() helper method
- Remove newApplications update from setAllAppsReportSummary()
- New applications now update reactively when review status changes
Related to PM-27284
* feat(dirt): connect dialog to review status save method
Update NewApplicationsDialogComponent to call the data service's
saveApplicationReviewStatus method when marking applications as critical.
- Inject RiskInsightsDataService
- Replace placeholder onMarkAsCritical() with real implementation
- Handle success/error cases with appropriate toast notifications
- Close dialog on successful save
- Show different messages based on whether apps were marked critical
Related to PM-27284
* feat(dirt): add i18n strings for application review
Add internationalization strings for the new applications review dialog
success and error messages.
- applicationReviewSaved: Success toast title
- applicationsMarkedAsCritical: Success message when apps marked critical
- newApplicationsReviewed: Success message when apps reviewed only
- errorSavingReviewStatus: Error toast title
- pleaseTryAgain: Error toast message
Related to PM-27284
* fix(dirt): add subscription cleanup to AllActivitiesService
Critical fix for production code quality and memory leak prevention.
Adds takeUntil pattern to all subscriptions to comply with ADR-0003
(Observable Data Services) requirements.
**Subscription Cleanup (ADR-0003 Compliance):**
- Add takeUntil pattern to AllActivitiesService subscriptions
- Add _destroy$ Subject and destroy() method
- Prevents memory leaks by properly unsubscribing from observables
- Follows Observable Data Services ADR requirements
Changes:
- Import Subject and takeUntil from rxjs
- Add private _destroy$ Subject for cleanup coordination
- Apply takeUntil(this._destroy$) to all 3 subscriptions:
- enrichedReportData$ subscription
- criticalReportResults$ subscription
- newApplications$ subscription
- Add destroy() method for proper resource cleanup
This ensures proper resource cleanup and follows Bitwarden's
architectural decision records for observable management.
Related to PM-27284
* fix(dirt): replace manual takeUntil with takeUntilDestroyed in AllActivitiesService
Fixes critical memory leak by replacing manual subscription cleanup
with Angular's automatic DestroyRef-based cleanup pattern.
**Changes:**
- Replace `takeUntil(this._destroy$)` with `takeUntilDestroyed()` for all 3 subscriptions
- Remove unused `_destroy$` Subject and manual `destroy()` method
- Update imports to use `@angular/core/rxjs-interop`
**Why:**
- Manual `destroy()` method was never called anywhere in codebase
- Subscriptions accumulated without cleanup, causing memory leaks
- `takeUntilDestroyed()` uses Angular's DestroyRef for automatic cleanup
- Aligns with ADR-0003 and .claude/CLAUDE.md requirements
**Impact:**
- Automatic subscription cleanup when service context is destroyed
- Prevents memory leaks during hot module reloads and route changes
- Reduces code complexity (no manual lifecycle management needed)
Related to PM-27284
* refactor(dirt): remove newApplications from OrganizationReportSummary
Removes redundant newApplications field from summary type and uses
derived newApplications$ observable from orchestrator instead.
**Changes:**
- Remove newApplications from OrganizationReportSummary type definition
- Remove dummy data array from RiskInsightsReportService.getApplicationsSummary()
- Remove newApplications subscription from AllActivitiesService
- Update AllActivityComponent to subscribe directly to dataService.newApplications$
**Why:**
- Eliminates data redundancy (stored vs derived)
- newApplications$ already computes from applicationData.reviewedDate === null
- Single source of truth: applicationData is the source
- Simplifies encrypted payload (less data in summary)
- Better separation: stored data (counts) vs computed data (lists)
**Impact:**
- No functional changes - UI continues to display new applications correctly
- Cleaner architecture with computed observable pattern
* cleanup
* fix(dirt): improve dialog type safety and error logging
Addresses critical PR review issues in NewApplicationsDialogComponent:
**Type Safety:**
- Replace unsafe type casting `(this as any).dialogRef` with proper DialogRef injection
- Inject DialogRef<boolean | undefined> using Angular's inject() function
- Ensures type safety and prevents runtime errors from missing dialogRef
**Error Handling:**
- Add LogService to dialog component
- Log errors with "[NewApplicationsDialog]" for debugging
- Maintain user-facing error toast while adding server-side logging
**Impact:**
- Eliminates TypeScript safety bypasses
- Improves production debugging capabilities
- Follows Angular dependency injection best practices
* fixing mock data and test cases for new apps
* feat(dirt): create assign tasks view component
Create standalone view component for task assignment UI that can be
embedded within dialogs or other containers.
- Add AssignTasksViewComponent with signal-based inputs/outputs
- Use input.required<number>() for selectedApplicationsCount
- Use output<void>() for tasksAssigned and back events
- Implement task calculation using SecurityTasksApiService
- Add onAssignTasks() method with loading state and error handling
- Include task summary card UI matching password-change-metric style
- Add proper subscription cleanup with takeUntilDestroyed (ADR-0003)
- Buttons included in component template (not dialog footer)
- Component retrieves organizationId from route params
Related to PM-27619
* refactor(dirt): add multi-view state management to new applications dialog
Add view state const object and properties to support toggling between
application selection and embedded assign tasks component.
- Add DialogView const object with SelectApplications and AssignTasks states (ADR-0025)
- Add DialogView type for type safety
- Add currentView property to track active view
- Import AssignTasksViewComponent for embedded use
- Add isCalculatingTasks loading state
- Inject AllActivitiesService and SecurityTasksApiService for task checking
- Implement OnInit with organizationId retrieval from route params
- Add proper subscription cleanup with takeUntilDestroyed (ADR-0003)
- Expose DialogView constants to template
Related to PM-27619
* feat(dirt): integrate assign tasks view into dialog
Implement logic to embed AssignTasksViewComponent within dialog and
handle communication via event bindings.
- Update onMarkAsCritical to check for tasks before closing dialog
- Add checkForTasksToAssign() method using SecurityTasksApiService
- Conditionally transition to AssignTasks view when tasks are available
- Add onTasksAssigned() handler to close dialog after successful assignment
- Add onBack() handler to navigate back to SelectApplications view
- Add loading state guard to prevent double-click on Mark as Critical button
- Only show success toast and close dialog if no tasks to assign
Related to PM-27619
* feat(dirt): add embedded assign tasks view to dialog template
Update dialog template to conditionally render embedded
AssignTasksViewComponent using @if directive.
- Add conditional rendering for SelectApplications and AssignTasks views
- Update dialog title dynamically based on currentView
- Embed dirt-assign-tasks-view component in AssignTasks view
- Pass selectedApplicationsCount via input binding
- Listen to tasksAssigned and back output events
- Show footer buttons only for SelectApplications view
- Add loading and disabled states to Mark as Critical button
- Change Cancel button to not auto-close (user must navigate)
Related to PM-27619
* feat(dirt): add i18n keys for assign tasks view
Add localized strings for embedded assign tasks view component.
* resolve organizationId and DI issues in assign tasks flow
- Pass organizationId via dialog data to prevent async race conditions
- Pass organizationId as input to AssignTasksViewComponent (embedded components can't access route params)
- Add DefaultAdminTaskService to component providers to fix NullInjectorError
- Remove unnecessary route subscription from embedded component
- Follow password-change-metric.component.ts pattern for consistency
- Add detailed comments explaining architectural decisions and bug fixes
* cleanup styling
* refactor(dirt): remove newApplications validation from OrganizationReportSummary type guard
Removes redundant newApplications field validation from the
OrganizationReportSummary type guard and related test cases.
**Changes:**
- Remove "newApplications" from allowed keys in isOrganizationReportSummary()
- Remove newApplications array validation logic
- Remove newApplications validation from validateOrganizationReportSummary()
- Remove 2 test cases for newApplications validation
- Remove newApplications field from 8 test data objects
**Rationale:**
The newApplications field was removed from OrganizationReportSummary type
definition because it's derived data that can be calculated from
applicationData (filtering where reviewedDate === null). The data is now
accessed via the reactive newApplications$ observable instead of being
stored redundantly in the summary object.
**Impact:**
- No functional changes - UI continues to display new applications via observable
- Type guard now correctly validates the actual OrganizationReportSummary structure
- Eliminates data redundancy and maintains single source of truth
- All 43 tests passing
* improve assign tasks view display
- Remove illustration/preview section (mailbox icon and prompt text)
- Show unique member count instead of calculated task count
- Use reportSummary.totalCriticalAtRiskMemberCount from AllActivitiesService
- Remove unused SecurityTasksApiService dependency
- Follow same pattern as all-activity.component.ts for consistency
* logic to fetch totals and new styling
* Fix review applications review view and assign view flow
* Fix null type checks
* refactor assign tasks dialog: use callout component, add video, fix OnPush, improve error handling
* Add columns, description, search, and bulk select to new applications dialog
* Add count placeholder for critical applications marked message
* Address claude comments
---------
Co-authored-by: Tom <ttalty@bitwarden.com>
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Co-authored-by: maxkpower <mpower@bitwarden.com>
* expose local db file to extension
* fetch from local db as fallback; only fetch new data on changed checksum; fetch from cdn
* check for undefined chrome runtime (for easy Storybook mocking)
* update capital letters lint
* add audit api tests
* add bash script to fetch local db info and split it to meet FF size limits
* add readme
* Rename README.md to readme.md
* remove leftover file
* remove unused methods from audit service
* remove local db logic
* wip
* revert local db build changes
* add tests; sub to updates directly; refactor teardown logic
* fix eslint crashing
* remove temp premium override
* remove unused test
* update timer value
* run prettier
* refetch all domains on app version change
* fix log statement
* harden fetching
* filter empty domains
* fix type issue
* fix typo
* fix type error
* fix cleanup
