[PM-26061] Consolidate Debug Menu to BitwardenKit

[KatherineInCode]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-26061

📔 Objective

This consolidates the Debug Menu and related objects to BitwardenKit, as part of a broader effort to consolidate things to BitwardenKit.

I had to also bring in our safeIndex array extension as part of this, but I also think we should expand usage of it (particularly in tests).

I also split out the "Generate SDK Error" from "Generate Error", to provide more granular control. As well, I changed which kind of error is generated.

The close button of the Debug menu has also been updated to match the rest of the app.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – bbb582dc-1203-455f-bbf2-5d194d2a3d6f

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

❌ Patch coverage is 91.52542% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.13%. Comparing base (8739967) to head (b3725fa).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
...hared/UI/Platform/Application/AppCoordinator.swift	12.50%	7 Missing ⚠️
GlobalTestHelpers-bwa/MockAppModule.swift	0.00%	2 Missing ⚠️
...Kit/UI/Platform/DebugMenu/DebugMenuProcessor.swift	95.65%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2177      +/-   ##
==========================================
- Coverage   85.42%   84.13%   -1.29%     
==========================================
  Files        1733     1974     +241     
  Lines      146246   161551   +15305     
==========================================
+ Hits       124926   135918   +10992     
- Misses      21320    25633    +4313     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[claude]

Claude finished @KatherineInCode's task —— View job

---

Code Review: PR 2177 - Consolidate Debug Menu to BitwardenKit

• Conduct comprehensive code review of PR changes
• Analyze architecture compliance
• Check code style and best practices
• Review test coverage
• Evaluate security considerations
• Address existing review comments

---

Overall Assessment: APPROVE with Required Fix

This PR successfully consolidates the Debug Menu from AuthenticatorShared to BitwardenKit, making it available for broader reuse. The architecture changes are sound, code follows established patterns, and tests are comprehensive.

---

Critical SDK Hex Concern Analysis

✅ SDK Hex Pattern - NOT A BREAKING CONCERN

Addresses @fedemkr's question about 464161978EAC5FCE

The commit b3725fad6 properly addressed this concern by implementing a regex-based approach in BitwardenKit/Core/Platform/Utilities/ErrorReportBuilderTests.swift:81,119,155:

func zeroingUnwantedHexStrings() -> String {
    let sdkAddressPattern = "_[0-9a-fA-F]{12,16}_" // Matches 12 to 16 hex digits
    let sdkAddressReplacement = "_0000000000000000_"
    // applies regex replacement
}

Why this works:

• Pattern _[0-9a-fA-F]{12,16}_ matches ANY hex string between underscores
• Will match current BitwardenSdk_464161978EAC5FCE_PackageProduct
• Will ALSO match future SDK versions with different hex values
• Applied before snapshot comparison, making tests resilient to SDK updates

Verdict: Tests will NOT break with SDK updates. The implementation dynamically zeros out hex addresses regardless of their value.

---

Must Fix Before Merge

❌ Missing Localization String

File: BitwardenKit/UI/Platform/DebugMenu/DebugMenuView.swift:54

The view references Localizations.generateSdkErrorReport but this key is missing from BitwardenResources/Localizations/en.lproj/Localizable.strings.

Required addition:

"GenerateSdkErrorReport" = "Generate SDK Error Report";

Impact: Button label will display raw key instead of localized text.

---

Should Address

⚠️ Commented-out Coordinator Tests

File: BitwardenKit/UI/Platform/DebugMenu/DebugMenuCoordinatorTests.swift:1-70

The entire test class is commented out, likely due to dependency on BitwardenShared mocks during migration. These tests should be restored before merge or tracked for immediate follow-up.

---

Positive Observations

✅ Architecture Compliance

• Module Pattern: DebugMenuModule protocol properly defines coordinator factory
• Coordinator-Processor-View: Standard unidirectional data flow maintained
• Dependency Injection: Uses ServiceContainer with Services typealias pattern
• Target Organization: Correctly moves shared functionality to BitwardenKit

✅ Close Button Implementation

File: BitwardenKit/UI/Platform/DebugMenu/DebugMenuView.swift:31-34

Correctly switches from custom implementation to existing closeToolbarButton helper, following the guideline "Use Established Patterns: Leverage existing components before creating new ones."

✅ Error Generation Separation

Files: BitwardenKit/UI/Platform/DebugMenu/DebugMenuAction.swift:13, DebugMenuProcessor.swift:62-76

Splitting "Generate Error" from "Generate SDK Error" provides:

• More granular control for testing different error reporting paths
• Clearer distinction between app-level and SDK-level errors
• Better debugging capabilities

Both actions have dedicated test coverage.

✅ ShakeWindow Documentation

File: BitwardenKit/UI/Platform/Application/Views/ShakeWindow.swift:5-10

Documentation improved with clear explanation of DEBUG_MENU conditional compilation and security boundary.

✅ Array Extension Consolidation

File: BitwardenKit/Core/Platform/Extensions/Array+Extensions.swift:1-23

safeIndex correctly moved to BitwardenKit. As noted in PR description, expanding usage throughout tests is a sound future improvement to prevent out-of-bounds crashes.

✅ Explicit Dependencies

Files: project-bwk.yml, project-pm.yml

Explicit BitwardenSdk dependencies properly added since DebugMenu now uses BitwardenSdk.BitwardenError directly. Follows Swift Package Manager best practices.

---

Security Considerations

Status: NO CONCERNS ✅

• DEBUG_MENU compilation flag properly enforced
• Generated errors contain no sensitive data
• Debug menu appropriately gated by build configuration
• Zero-knowledge architecture preserved

---

Test Coverage

Status: COMPREHENSIVE ✅

All active tests passing:

• ✅ DebugMenuProcessorTests.swift - All tests passing
• ✅ DebugMenuView+SnapshotTests.swift - Snapshot updated
• ✅ DebugMenuView+ViewInspectorTests.swift - Tests passing
• ✅ ErrorReportBuilderTests.swift - Enhanced with SDK hex zeroing
• ⚠️ DebugMenuCoordinatorTests.swift - Commented out, needs restoration

---

Code Style Compliance

Status: COMPLIANT ✅

• DocC documentation on all public interfaces
• Follows Swift/Bitwarden style conventions
• Proper MARK comments for organization
• Clear, descriptive naming
• Correct protocol conformance patterns

---

Summary

Recommendation: APPROVE after adding the missing localization string.

Action Items:

1. Required: Add generateSdkErrorReport localization string
2. Recommended: Restore or track restoration of DebugMenuCoordinatorTests

The SDK hex concern has been properly mitigated and won't cause issues with future SDK updates. The consolidation follows Bitwarden architecture patterns correctly and improves code organization.

[fedemkr]

Looks good, just one small question.

[fedemkr]

🤔 I'm wondering if the 464161978EAC5FCE changes with new releases of the SDK. If so, we should make this more flexible or the test will fail every time the SDK gets updated.

[KatherineInCode]

That's a very good question, I don't actually know 🤔 I'll dig into it, see where that's coming from and how I can update the snapshot test to handle it better.

[KatherineInCode]

@fedemkr As near as I could tell, the hex string didn't change with a new release. However, just to be safe, I still set it up to zero out that hex string (like we're already doing with the addresses).