[PM-32122] Add cookie acquisition navigation

[SaintPatrck]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-32122

📔 Objective

Add cookie acquisition as a top-level destination in the outer NavHost (alongside root navigation and debug menu) so it can overlay the app without interfering with the state-based navigation in RootNavScreen.

MainViewModel monitors the cookie acquisition request flow combined with user/vault state and emits a one-shot NavigateToCookieAcquisition event when conditions are met. Dismissal is handled by the child CookieAcquisitionViewModel via a NavigateBack event (implementing BackgroundEvent to survive Custom Tab lifecycle transitions), which triggers popBackStack through an onDismiss callback.

Wire the AuthCallback deeplink so cookie results from the browser are delivered back to the auth repository's cookie callback result flow.

Add debug menu controls for triggering cookie acquisition manually during development.

🧪 Testing

1. Log in and unlock the vault
2. Open the debug menu and tap "Trigger cookie acquisition"
3. Verify the cookie acquisition screen slides up
4. Tap "Launch browser" — verify custom tab opens
5. Simulate the deeplink callback: adb shell am start -a android.intent.action.VIEW -d "bitwarden://sso_cookie_vendor?cookie=value&d=1" — verify the screen auto-dismisses
6. Tap "Continue without syncing" — verify the screen dismisses
7. Tap "Why am I seeing this?" — verify help URL opens

📸 Screenshots

Screen_recording_20260212_160150.mp4

[github-actions]

Checkmarx One – Scan Summary & Details – f4d52e35-c51f-41b5-882d-840269be597b

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

❌ Patch coverage is 93.87755% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.38%. Comparing base (f6f630f) to head (6c97fc5).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...n/ui/platform/feature/debugmenu/DebugMenuScreen.kt	80.00%	2 Missing ⚠️
...ature/cookieacquisition/CookieAcquisitionScreen.kt	66.66%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6529      +/-   ##
==========================================
+ Coverage   86.37%   86.38%   +0.01%     
==========================================
  Files         802      799       -3     
  Lines       56993    57000       +7     
  Branches     8245     8253       +8     
==========================================
+ Hits        49227    49239      +12     
+ Misses       4901     4895       -6     
- Partials     2865     2866       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[claude]

Claude finished @SaintPatrck's task in 4m 26s —— View job

---

Code Review: PM-32122 Add cookie acquisition navigation

Reviewed commit: 6c97fc58b | Base: main

Overview

This PR adds cookie acquisition as a top-level destination in the outer NavHost, wires MainViewModel to monitor cookie acquisition readiness, handles deeplink callbacks for cookie results, and adds debug menu controls.

Review Summary

No issues found. This is a clean, well-structured implementation that follows established codebase patterns.

Key Observations

Architecture -- Cookie acquisition is correctly placed as a top-level NavHost destination (alongside root navigation and debug menu), preventing interference with the state-based navigation in RootNavScreen. This mirrors the existing debugMenuDestination pattern.

Navigation safety -- The BackHandler in CookieAcquisitionScreen correctly routes back through the ViewModel (ContinueWithoutSyncingClick) to clear the pending cookie request before dismissing. Without this, MainViewModel's combine flow would immediately re-navigate since the conditions would remain true. launchSingleTop = true on navigateToCookieAcquisition() provides additional protection against duplicate destinations.

Reactive flow design -- The combine(userStateFlow, cookieAcquisitionRequestFlow) pattern in MainViewModel with distinctUntilChanged().filter { it } correctly gates navigation to fire only when conditions transition to true, preventing repeated events on state re-emissions.

BackgroundEvent on NavigateBack -- CookieAcquisitionEvent.NavigateBack correctly implements BackgroundEvent since the cookie callback result can arrive while the screen is not in RESUMED state (returning from a Custom Tab browser session). The EventsEffect lifecycle filter would otherwise drop this event.

Deeplink isolation -- Cookie callbacks (bitwarden://sso_cookie_vendor) and SSO callbacks (bitwarden://sso-callback) use distinct URI hosts, so there is no ambiguity in AuthCallbackViewModel's when dispatch.

Test coverage -- Comprehensive tests cover the positive navigation case, negative (null request) case, BackHandler behavior, NavigateBack event propagation, cookie callback routing in AuthCallbackViewModel, and debug menu trigger.

Prior Review Feedback

All feedback from previous review rounds has been addressed: onSplashScreenRemoved() moved inside the composable lambda, comment text corrected, unused suppressions removed, and onDismissCalled assignment removed from test setUp.

---

Reviewed by Claude (automated review)

[david-livefront]

👍

[david-livefront]

Are these changes needed?

[SaintPatrck]

No. Leftover from experimenting with declaring acquisition destination in the RootNav. Extracted to #6553.

[david-livefront]

👍

[SaintPatrck]

Thanks @david-livefront