Merge branch 'main' into ios/PM-23500/sourcery-usage

# Conflicts:
#	docs/architecture/mobile-clients/ios/index.md

Author: fedemkr

.claude/CLAUDE.md

@@ -0,0 +1,122 @@
+# Bitwarden Contributing Docs - Claude Code Configuration
+
+- **OFTEN** prefer editing existing files over creating new ones
+- **ALWAYS** follow the established patterns for frontmatter, conditional content, and structure
+- **ALWAYS** validate code and diagram syntax
+
+## Repository structure
+
+- **docs/** - Documentation content organized into three main sections:
+  - **getting-started/** - Setup instructions for various Bitwarden projects (clients, server,
+    mobile, SDK)
+  - **contributing/** - Contribution guidelines including code style, pull requests, testing, and
+    database migrations
+  - **architecture/** - Technical architecture documentation, ADRs (Architecture Decision Records),
+    and deep dives into specific features
+- **src/** - Docusaurus custom components and React code
+- **static/** - Static assets like images
+- **scripts/** - Build and development scripts
+
+## Key technologies
+
+- **Docusaurus** - Static site generator
+- **React** - UI framework
+- **TypeScript**
+- **Node.js**
+
+## Development commands
+
+```bash
+npm ci                 # Install dependencies
+npm start              # Start local dev server with SSL (requires .env setup)
+npm start:insecure     # Start without SSL
+npm run build          # Generate static site
+npm run prettier       # Format code
+npm run lint           # Check code formatting
+npm run spellcheck     # Run cspell on Markdown files
+npm run typecheck      # Run TypeScript type checking
+```
+
+## Documentation writing guidelines
+
+### Style guide
+
+- Use numbered paragraphs for instructions/procedures, starting with action-oriented verbs ("click",
+  "type", "restart")
+- Headings should start with capitalization but following words are not capitalized
+- Use code blocks for all commands (not inline)
+- Keep paragraphs concise and to-the-point
+- Add custom words to `custom-words.txt` if needed for spellchecking
+- Include trailing commas for multi-line lists
+- Do not use code regions
+- Follow language-specific guidelines for code examples in `docs/contributing/code-style/`
+- Diagrams should use [Mermaid](https://mermaid.js.org/)
+- Large code examples should be in `<details>` blocks
+
+### Conditional content
+
+The site serves both internal Bitwarden employees and external community contributors. Use these
+tags to target specific audiences:
+
+```md
+<Community>
+Content for community contributors only
+</Community>
+
+<Bitwarden>
+Content for Bitwarden employees only
+</Bitwarden>
+```
+
+To hide pages from navigation, use frontmatter:
+
+```yml
+---
+sidebar_custom_props:
+  access: bitwarden # or community
+---
+```
+
+## Code review and ownership
+
+Tech leads generally review all documentation changes. See [.github/CODEOWNERS](.github/CODEOWNERS)
+for full ownership details.
+
+## Pull request strategy
+
+- Prefer small, incremental PRs
+- Merge directly to `main`
+- Avoid using long-lived feature branches and keep content changes relatively small and iterative
+
+## Working with this repository
+
+### When editing documentation
+
+1. Always follow the style guide (numbered instructions, code blocks, brevity)
+2. Consider if content should be conditional using `<Community>` or `<Bitwarden>` tags
+3. Run `npm run spellcheck` before committing
+4. Ensure proper frontmatter is set (sidebar position, access restrictions, etc.)
+5. Reference the appropriate section (getting-started, contributing, or architecture)
+
+### When adding new files
+
+1. Place in the appropriate docs subdirectory
+2. Include frontmatter with at least `sidebar_position`
+3. Add any technical terms to `custom-words.txt`
+4. Update sidebars.js if needed for navigation structure
+
+### Architecture documentation
+
+- ADRs go in `docs/architecture/adr/` with format `####-title.md`
+- Follow existing ADR structure (Status, Context, Decision, Consequences)
+
+## Testing before committing
+
+1. Run `npm run spellcheck` to catch typos
+2. Run `npm run lint` to ensure formatting is correct
+3. Run `npm start` to preview changes locally
+4. Verify conditional content displays correctly by switching between Community/Bitwarden modes in
+   the dropdown
+
+For most changes you can rely on making a draft pull request and testing it live with a branch
+deployment.

.claude/prompts/review-code.md

@@ -0,0 +1,21 @@
+Please review this pull request with a focus on documentation content, clarity, and overall quality.
+
+Ensure that the documentation is accurate, well-structured, and easy to understand.
+
+Check for grammar, spelling, and formatting problems.
+
+Verify that any code examples are correct and follow best practices.
+
+Assess whether the documentation meets the needs of its intended audience.
+
+Suggest improvements where necessary and provide detailed feedback using inline comments for
+specific feedback.
+
+When reviewing subsequent commits:
+
+- Track status of previously identified findings (fixed/unfixed/reopened)
+- Identify NEW problems introduced since last review
+- Note if changes introduced any new findings
+
+IMPORTANT: Be comprehensive about findings and improvements. For good practices, be brief - just
+note what was done well without explaining why or praising excessively.

.github/CODEOWNERS

@@ -4,15 +4,29 @@
 #
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
-# Leads for all reviews of documentation.
+# Leads for all reviews of documentation
 * @bitwarden/tech-leads
 
 # Unowned files
 package.json
 package-lock.json
 
-# Architecture department for architecture content.
+# Architecture department for architecture content
 docs/architecture @bitwarden/dept-architecture
 
+# Architecture and AppSec for security concepts
+docs/architecture/security @bitwarden/team-appsec @bitwarden/dept-architecture
+
 # Shared workflows ownership
 .github/workflows/build.yml @bitwarden/dept-bre @bitwarden/tech-leads
+
+# Docker-related files
+**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
+**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
+**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
+**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
+
+# Claude related files
+.claude/ @bitwarden/team-ai-sme
+.github/workflows/respond.yml @bitwarden/team-ai-sme
+.github/workflows/review-code.yml @bitwarden/team-ai-sme

.github/workflows/build.yml

@@ -16,10 +16,12 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           cache: "npm"
           cache-dependency-path: "**/package-lock.json"

.github/workflows/label.yml

@@ -13,6 +13,6 @@ jobs:
 
     steps:
       - name: Label pull request
-        uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
         with:
           sync-labels: true # Remove labels if matches are removed

.github/workflows/lint.yml

@@ -16,10 +16,12 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           cache: "npm"
           cache-dependency-path: "**/package-lock.json"

.github/workflows/respond.yml

@@ -0,0 +1,28 @@
+name: Respond
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+permissions: {}
+
+jobs:
+  respond:
+    name: Respond
+    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write

.github/workflows/review-code.yml

@@ -0,0 +1,21 @@
+name: Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions: {}
+
+jobs:
+  review:
+    name: Review
+    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      pull-requests: write

.github/workflows/review-pr-comment.yml

@@ -0,0 +1,36 @@
+name: Review PR comment
+
+on:
+  pull_request_review_comment:
+    types: [created]
+  pull_request_review:
+    types: [submitted]
+
+permissions: {}
+
+jobs:
+  review:
+    name: Review
+    if: |
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude'))
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 1
+          persist-credentials: false
+
+      - name: Review with Claude Code
+        uses: anthropics/claude-code-action@a5528eec7426a4f0c9c1ac96018daa53ebd05bc4 # v1.0.7
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_args:
+            '--allowed-tools "Bash(gh search:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr
+            view:*),Bash(gh pr list:*)"'

README.md

@@ -11,7 +11,7 @@ documentation is available at https://contributing.bitwarden.com/.
 npm ci
 ```
 
-## Local Development
+## Local development
 
 ```bash
 npm start
@@ -71,7 +71,7 @@ We use `cspell` for spellchecking. It will run as a pre-commit hook and in the C
 Spellchecking ignores single and multi-line code snippets. If required, you can add custom words
 (e.g. proper nouns and technical terms) to `custom-words.txt`.
 
-### Conditional Content
+### Conditional content
 
 The Contributing Docs site is used both for internal and external contributors. To this end we've
 facilitated a mean to conditionally show content for either group. This is primarily to keep the