* feat: Add Exchange/EWS debugging patches and error classification (#3187)

* chore(theme): transparency mode not removing background of server view (#3156)

* Language update from Lingohub 🤖 (#3165)

Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot

Easy language translations with Lingohub 🚀

Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>

* feat: Implement user theme preference settings  (#3160)

* feat: Implement user theme preference settings and remove legacy theme appearance handling

- Introduced a new `ThemeAppearance` component to manage user theme preferences, allowing selection between 'auto', 'light', and 'dark' themes.
- Updated state management to include `userThemePreference`, replacing the previous `themeAppearance` handling.
- Removed deprecated theme appearance logic from various components and files, streamlining the codebase.
- Added internationalization support for theme appearance settings across multiple languages.
- Enhanced the UI to reflect user-selected theme preferences dynamically.

* fix(i18n): Correct Norwegian translation for theme appearance description

* fix(theme): Validate theme preference values before dispatching

- Updated the `handleChangeTheme` function to include validation for theme preference values, ensuring only 'auto', 'light', or 'dark' are accepted. This change prevents invalid values from being dispatched, enhancing the robustness of the theme management logic.

* refactor(DocumentViewer): Update theme management to utilize Redux state for user preferences

- Replaced the use of `useDarkMode` with Redux selectors to determine the theme based on user preferences and machine theme.
- Enhanced theme logic to support 'auto', 'light', and 'dark' settings, improving the flexibility and responsiveness of the theme management in the DocumentViewer component.

* refactor(DocumentViewer): Simplify theme management by removing Redux dependencies

- Eliminated the use of Redux selectors for theme management in the DocumentViewer component, replacing it with a static 'tint' background and default color settings.
- Streamlined the component's code by removing unnecessary theme logic, enhancing readability and maintainability.

* chore: Clean up code by removing unnecessary blank lines in ThemeAppearance, TransparentWindow, and userThemePreference files

* fix: Address PR review comments and restore API compatibility

- Remove trailing blank lines from ThemeAppearance.tsx, TransparentWindow.tsx, and userThemePreference.ts
- Restore setUserThemeAppearance as no-op function for backwards compatibility with @rocket.chat/desktop-api interface

* fix: resolve 91 security vulnerabilities in dependencies (#3173)

* fix: resolve 91 security vulnerabilities in dependencies

- Update axios 1.6.4 -> 1.13.2 (SSRF, DoS, credential leakage)
- Update electron-updater 5.3.0 -> 6.3.9 (code signing bypass)
- Update rollup 4.9.6 -> 4.32.0 (DOM clobbering XSS)
- Update glob 11.0.3 -> 11.1.0 in workspace (command injection)
- Add resolutions for transitive dependencies:
  - cross-spawn, braces, ws, follow-redirects
  - form-data, tar-fs, undici
- Add comprehensive security remediation documentation

* docs: fix markdown lint - add language specifier to code block

* chore: Remove security documentation from repository

Security vulnerability remediation documentation kept locally for reference.

* fix: Issues in German translation (#3155)

* chore: Upgrade Electron and Node.js versions, update README and packa… (#3179)

* chore: Upgrade Electron and Node.js versions, update README and package configurations

- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.

* chore: Bump version numbers in configuration files

- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.

* docs: Update README to reflect new platform support and installation formats

- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.

* docs: Revise README layout for download links

- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.

* chore: Update @types/node version in package.json and yarn.lock

- Upgraded @types/node from version 16.18.69 to 25.0.10 in both package.json and yarn.lock to ensure compatibility with the latest TypeScript features and improvements.

* chore: Enable alpha releases (#3180)

* chore: Upgrade Electron and Node.js versions, update README and package configurations

- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.

* chore: Bump version numbers in configuration files

- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.

* docs: Update README to reflect new platform support and installation formats

- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.

* docs: Revise README layout for download links

- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.

* docs: Add alpha release process documentation

- Introduced a new document detailing the alpha release process for the Rocket.Chat Desktop app, including channel definitions, versioning guidelines, and steps for creating and publishing alpha releases.
- Included instructions for users to opt into the alpha channel and troubleshooting tips for common issues.

* chore: Update architecture support and Node.js version requirements

- Added 'arm64' architecture support to the build targets in electron-builder.json for NSIS, MSI, and ZIP formats.
- Lowered the minimum Node.js version requirement in package.json from >=24.11.1 to >=20.0.0 for better compatibility.

* chore: Change develop branch to dev for release workflow

Update build-release workflow and desktop-release-action to use 'dev'
branch instead of 'develop' for development releases.

* chore: Update versioning and add release tag script

- Bumped version in package.json to 4.12.0.alpha.1.
- Added scripts/release-tag.ts for automated release tagging.
- Updated .eslintignore to exclude the new scripts directory.

* chore: Correct version format in package.json

- Updated version format in package.json from "4.12.0.alpha.1" to "4.12.0-alpha.1" for consistency.

* chore: Update all workflows to use dev branch instead of develop

- validate-pr.yml: Add dev to PR target branches
- powershell-lint.yml: Change develop to dev
- pull-request-build.yml: Change develop to dev

* fix: Normalize tags for consistent comparison in release-tag script

Strip leading 'v' prefix when comparing tags to handle both v-prefixed
and non-prefixed tag formats consistently.

* chore: Increment bundle version in electron-builder.json to 26012

* chore: Address nitpick comments in release-tag script

- Add comment explaining why /scripts is excluded from eslint
- Return null on exec error to distinguish from empty output
- Add warning when git tag list fails
- Use -- separator in git commands for safety

* fix: Add jsign to GITHUB_PATH in Windows CI setup

The jsign tool was being installed but not added to PATH for subsequent
steps. This caused the "Verify tools" step to fail with "jsign not found".

* chore: Bump version to 4.12.0-alpha.2

- Updated version in package.json to 4.12.0-alpha.2
- Incremented bundleVersion in electron-builder.json to 26013

* docs: Add QA testing guide for alpha channel updates

* docs: Rename alpha docs to pre-release and fix workflow concurrency

- Rename alpha-release-process.md to pre-release-process.md
- Add beta release documentation
- Add detailed channel switching instructions
- Fix concurrency group using github.ref instead of github.head_ref
  (github.head_ref is empty for push events, causing tag builds to cancel)

* feat(outlook): add @ewsjs/xhr debugging patches

Add comprehensive NTLM authentication debugging to @ewsjs/xhr library:

- patches-src/ directory structure for maintainable patches
- Enhanced ntlmProvider.ts with detailed NTLM handshake logging
- Enhanced xhrApi.ts with HTTP request/response debugging
- Yarn patch resolution for @ewsjs/[email protected]
- apply-patches.sh script for regenerating patches

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)

Co-authored-by: Sisyphus <[email protected]>

* feat(outlook): add type definitions for calendar sync

Add error-related type definitions to support error classification:

- ErrorSource: exchange, rocket_chat, desktop_app, network, authentication, configuration
- ErrorSeverity: low, medium, high, critical
- OutlookCalendarError: full error object with context
- ErrorClassification: pattern matching result type

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)

Co-authored-by: Sisyphus <[email protected]>

* feat(outlook): add error classification system

Add comprehensive error classification for Outlook calendar sync:

- Pattern-based error detection for Exchange, Rocket.Chat, and desktop errors
- Automatic severity and source classification
- User-friendly error messages with suggested actions
- Structured logging format for debugging
- Support for NTLM auth, network, SSL, and credential errors

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)

Co-authored-by: Sisyphus <[email protected]>

* feat(outlook): enhance calendar sync with debugging and mutex

* test(outlook): add tests for getOutlookEvents

* feat(outlook): add logging infrastructure for calendar debugging

* chore: fix linting issues for Outlook calendar debugging

- Exclude patches-src/ from eslint (not part of main build)
- Fix has-credentials handler return type to match expected signature

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)

Co-authored-by: Sisyphus <[email protected]>

* fix: address CodeRabbit review issues for Outlook calendar

- Fix console transport recursion by using originalConsole in writeFn
- Fix infinite recursion in redactObject using destructuring
- Remove NTLM Type 3 message logging (contains credentials)
- Fix queued sync promises never resolving by tracking resolve/reject
- Fix unhandled async errors in preload using .then().catch()
- Accept HTTP 2xx status codes instead of only 200
- Fix URL validation to check pathname instead of full URL
- Update tests to match actual implementation behavior

* feat(settings): add Developer tab with verbose Outlook logging toggle

- Add Developer tab in Settings (only visible when developer mode enabled)
- Add verbose Outlook logging toggle to control [OutlookCalendar] console output
- Add colored console output for better visibility on dark themes
- Redirect to General tab when developer mode disabled while on Developer tab
- Create centralized logger (outlookLog, outlookError, etc.) in src/outlookCalendar/logger.ts
- Convert all direct console.log calls to use centralized logger
- Fix infinite recursion bug in patches (verboseLog calling itself)
- Add AGENTS.md documentation files for knowledge management
- Use theme-aware colors for Settings UI text

* fix(ci): remove conflicting patch-package patch for @ewsjs/xhr

The @ewsjs/xhr package is already patched via Yarn's patch protocol
(.yarn/patches/). The patch-package patch was accidentally added and
conflicts with the already-applied Yarn patch, causing CI failures.

* docs: add patching mechanism documentation to AGENTS.md

Clarify that @ewsjs/xhr uses Yarn patch protocol (.yarn/patches/)
while patch-package (patches/) is only for other packages.
This prevents accidental CI breakage from conflicting patches.

* fix: address CodeRabbit review comments

- logger.ts: Use shared prefix constants instead of duplicating strings
- getOutlookEvents.ts: Replace Promise.reject() with throw statements
- getOutlookEvents.ts: Route console.error through outlookError
- ipc.ts: Route all console.* through outlookLog/outlookWarn/outlookError
- ipc.ts: Replace Promise.reject(e) with throw e
- AGENTS.md: Fix markdown formatting and update versions

* fix(outlook): address CodeRabbit review issues

- Add JSDoc to syncEventsWithRocketChatServer documenting sync coalescing
- Remove isSyncInProgress check in initial sync (let queue handle it)
- Remove logging implementation details test (tested console.log colors)

* chore: remove unused patches-src directory

The debugging code in patches-src/ was never applied - only the minimal
bug fix in .yarn/patches/ is used. Removing dead code to avoid confusion.

* fix: address all code review issues from PR #3187 review

CRITICAL fixes:
- Support multi-server sync state (Map instead of globals)
- Fix Promise<Promise<boolean>> return type
- Use JSON.stringify for safe string escaping in executeJavaScript

MAJOR fixes:
- Add RocketChat calendar event types for type safety
- CRUD operations now return {success, error?} instead of swallowing errors
- Replace sync fs.appendFileSync with async fs.promises.appendFile
- Add useId() and htmlFor for accessibility in ThemeAppearance
- Apply privacy redaction to all transports (not just file)

MINOR fixes:
- Extract magic numbers to named constants
- Extract duplicate buildEwsPathname helper function
- Remove unused _context parameter from classifyError
- Remove fire-and-forget connectivity test calls
- Add originalConsole fallback in preload logging
- Optimize getComponentContext to skip stack trace for log/info/debug
- Fix email regex typo: [A-Z|a-z] -> [A-Za-z]
- Fix double timestamp in createClassifiedError
- Replace inline style with Fuselage pt prop

* fix(outlook): fix race condition in sync queue processing

Changed 'if' to 'while' loop to ensure all queued syncs are processed.
Previously, syncs queued while lastSync.run() was executing would be lost
because the queue was cleared before processing started.

* fix: address additional code review issues

- Fix pool exhaustion bug in context.ts: add overflow counter fallback
  when availableServerIds is depleted, emit warning with diagnostics
- Fix PII leak in ipc.ts error logging: move sensitive fields (subject,
  responseData) to verbose-only outlookLog calls at 5 locations
- Fix silent failure in performSync: throw error instead of silent
  return when eventsOnRocketChatServer fetch fails

* fix(logging): add captureComponentStack parameter to getLogContext

Allows callers to opt into stack-based component detection by passing
captureComponentStack=true, while preserving default behavior.

---------

Co-authored-by: Rodrigo Nascimento <[email protected]>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <[email protected]>
Co-authored-by: Sisyphus <[email protected]>

* feat: Add scoped logging infrastructure and log viewer window (#3186)

* chore(theme): transparency mode not removing background of server view (#3156)

* Language update from Lingohub 🤖 (#3165)

Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot

Easy language translations with Lingohub 🚀

Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>

* feat: Implement user theme preference settings  (#3160)

* feat: Implement user theme preference settings and remove legacy theme appearance handling

- Introduced a new `ThemeAppearance` component to manage user theme preferences, allowing selection between 'auto', 'light', and 'dark' themes.
- Updated state management to include `userThemePreference`, replacing the previous `themeAppearance` handling.
- Removed deprecated theme appearance logic from various components and files, streamlining the codebase.
- Added internationalization support for theme appearance settings across multiple languages.
- Enhanced the UI to reflect user-selected theme preferences dynamically.

* fix(i18n): Correct Norwegian translation for theme appearance description

* fix(theme): Validate theme preference values before dispatching

- Updated the `handleChangeTheme` function to include validation for theme preference values, ensuring only 'auto', 'light', or 'dark' are accepted. This change prevents invalid values from being dispatched, enhancing the robustness of the theme management logic.

* refactor(DocumentViewer): Update theme management to utilize Redux state for user preferences

- Replaced the use of `useDarkMode` with Redux selectors to determine the theme based on user preferences and machine theme.
- Enhanced theme logic to support 'auto', 'light', and 'dark' settings, improving the flexibility and responsiveness of the theme management in the DocumentViewer component.

* refactor(DocumentViewer): Simplify theme management by removing Redux dependencies

- Eliminated the use of Redux selectors for theme management in the DocumentViewer component, replacing it with a static 'tint' background and default color settings.
- Streamlined the component's code by removing unnecessary theme logic, enhancing readability and maintainability.

* chore: Clean up code by removing unnecessary blank lines in ThemeAppearance, TransparentWindow, and userThemePreference files

* fix: Address PR review comments and restore API compatibility

- Remove trailing blank lines from ThemeAppearance.tsx, TransparentWindow.tsx, and userThemePreference.ts
- Restore setUserThemeAppearance as no-op function for backwards compatibility with @rocket.chat/desktop-api interface

* fix: resolve 91 security vulnerabilities in dependencies (#3173)

* fix: resolve 91 security vulnerabilities in dependencies

- Update axios 1.6.4 -> 1.13.2 (SSRF, DoS, credential leakage)
- Update electron-updater 5.3.0 -> 6.3.9 (code signing bypass)
- Update rollup 4.9.6 -> 4.32.0 (DOM clobbering XSS)
- Update glob 11.0.3 -> 11.1.0 in workspace (command injection)
- Add resolutions for transitive dependencies:
  - cross-spawn, braces, ws, follow-redirects
  - form-data, tar-fs, undici
- Add comprehensive security remediation documentation

* docs: fix markdown lint - add language specifier to code block

* chore: Remove security documentation from repository

Security vulnerability remediation documentation kept locally for reference.

* fix: Issues in German translation (#3155)

* chore: Upgrade Electron and Node.js versions, update README and packa… (#3179)

* chore: Upgrade Electron and Node.js versions, update README and package configurations

- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.

* chore: Bump version numbers in configuration files

- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.

* docs: Update README to reflect new platform support and installation formats

- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.

* docs: Revise README layout for download links

- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.

* chore: Update @types/node version in package.json and yarn.lock

- Upgraded @types/node from version 16.18.69 to 25.0.10 in both package.json and yarn.lock to ensure compatibility with the latest TypeScript features and improvements.

* chore: Enable alpha releases (#3180)

* chore: Upgrade Electron and Node.js versions, update README and package configurations

- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.

* chore: Bump version numbers in configuration files

- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.

* docs: Update README to reflect new platform support and installation formats

- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.

* docs: Revise README layout for download links

- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.

* docs: Add alpha release process documentation

- Introduced a new document detailing the alpha release process for the Rocket.Chat Desktop app, including channel definitions, versioning guidelines, and steps for creating and publishing alpha releases.
- Included instructions for users to opt into the alpha channel and troubleshooting tips for common issues.

* chore: Update architecture support and Node.js version requirements

- Added 'arm64' architecture support to the build targets in electron-builder.json for NSIS, MSI, and ZIP formats.
- Lowered the minimum Node.js version requirement in package.json from >=24.11.1 to >=20.0.0 for better compatibility.

* chore: Change develop branch to dev for release workflow

Update build-release workflow and desktop-release-action to use 'dev'
branch instead of 'develop' for development releases.

* chore: Update versioning and add release tag script

- Bumped version in package.json to 4.12.0.alpha.1.
- Added scripts/release-tag.ts for automated release tagging.
- Updated .eslintignore to exclude the new scripts directory.

* chore: Correct version format in package.json

- Updated version format in package.json from "4.12.0.alpha.1" to "4.12.0-alpha.1" for consistency.

* chore: Update all workflows to use dev branch instead of develop

- validate-pr.yml: Add dev to PR target branches
- powershell-lint.yml: Change develop to dev
- pull-request-build.yml: Change develop to dev

* fix: Normalize tags for consistent comparison in release-tag script

Strip leading 'v' prefix when comparing tags to handle both v-prefixed
and non-prefixed tag formats consistently.

* chore: Increment bundle version in electron-builder.json to 26012

* chore: Address nitpick comments in release-tag script

- Add comment explaining why /scripts is excluded from eslint
- Return null on exec error to distinguish from empty output
- Add warning when git tag list fails
- Use -- separator in git commands for safety

* fix: Add jsign to GITHUB_PATH in Windows CI setup

The jsign tool was being installed but not added to PATH for subsequent
steps. This caused the "Verify tools" step to fail with "jsign not found".

* chore: Bump version to 4.12.0-alpha.2

- Updated version in package.json to 4.12.0-alpha.2
- Incremented bundleVersion in electron-builder.json to 26013

* docs: Add QA testing guide for alpha channel updates

* docs: Rename alpha docs to pre-release and fix workflow concurrency

- Rename alpha-release-process.md to pre-release-process.md
- Add beta release documentation
- Add detailed channel switching instructions
- Fix concurrency group using github.ref instead of github.head_ref
  (github.head_ref is empty for push events, causing tag builds to cancel)

* feat(logging): add scoped logging infrastructure

* feat(log-viewer): add log viewer window and components

* build: add log viewer window build configuration

* feat: integrate logging and log viewer into app lifecycle

* feat: add log viewer IPC channels and menu item

* feat: add i18n translations and fix UI color tokens

* chore: add logging dependencies and fix type error

* fix: address code review feedback

- Add 'silly' log level to LogLevel type for electron-log compatibility
- Fix duplicate server IDs by using overflow counter instead of MAX_SERVER_ID
- Reset startInProgress flag when retry count exceeded in preload
- Add statLog to log viewer preload API
- Use contextIsolation and preload script for log viewer window security
- Replace direct ipcRenderer usage with window.logViewerAPI in renderer

* revert: restore log viewer window settings and add architecture guidelines

- Revert nodeIntegration/contextIsolation changes that broke log viewer
- Add CLAUDE.md guidelines to prevent destructive architecture changes
- Document that existing code patterns exist for specific reasons

* fix: address code review feedback from CodeRabbit

This commit addresses three major review comments:

1. Remove unused preload script for log viewer window
   - The preload.ts was built but never wired to the BrowserWindow
   - Current implementation uses nodeIntegration: true and contextIsolation: false
   - Removed unused build entry from rollup.config.mjs
   - Deleted unused src/logViewerWindow/preload.ts file

2. Guard programmatic scrolls to prevent disabling auto-scroll
   - Added isAutoScrollingRef to track programmatic vs user-initiated scrolls
   - Set flag before calling scrollToIndex and reset after
   - handleScroll now returns early if scroll is programmatic
   - Prevents auto-scroll from being disabled when virtuosoRef.scrollToIndex triggers onScroll

3. Don't swallow startup failures - exit after logging
   - Changed start().catch(console.error) to properly log error and exit
   - Uses logger.error for structured logging
   - Calls app.exit(1) to prevent partial initialization
   - Prevents app running in broken state after critical failures

4. Add error handling to log viewer menu item
   - Wrapped openLogViewer click handler in try-catch
   - Matches pattern used by videoCallDevTools menu item
   - Logs errors to console for debugging

* fix(log-viewer): guard against non-positive limits in getLastNEntries

Return empty content when limit <= 0 to prevent undefined behavior
from negative slice indices.

---------

Co-authored-by: Rodrigo Nascimento <[email protected]>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <[email protected]>

* fix: Add safe guards to prevent The application GUI just crashed (#3206)

* fix: guard store functions against pre-initialization calls on macOS Tahoe

On macOS 26.x (Tahoe), the IPC call to retrieve the server URL is slower
than on earlier macOS versions, causing the preload to retry with a 1-second
delay. During this window the RC webapp loads and calls
`window.RocketChatDesktop.setTitle()` and `setUserPresenceDetection()`, which
internally invoke `dispatch()` and `listen()` from the Redux store before
`createRendererReduxStore()` has completed. Since `reduxStore` is still
`undefined`, accessing `.dispatch` or `.subscribe` throws a TypeError that
propagates back through contextBridge into the React tree, crashing the app
with "The application GUI just crashed".

Fix: add null guards to `dispatch`, `dispatchSingle`, `dispatchLocal`,
`watch`, and `listen` so they silently no-op instead of throwing when the
store is not yet initialized. The webapp reactively re-fires these calls
once the app is fully ready, so no state is permanently lost.

Also guard `request()` to reject immediately with a clear error rather than
returning a hung Promise that never resolves, preventing potential memory
leaks if `createNotification()` is called before store init.

Simplify the `getInternalVideoChatWindowEnabled` selector as a drive-by.

* fix: add safeSelect for preload context and guard getInternalVideoChatWindowEnabled

select() has no null guard by design — it crashes loudly if called before
store initialization, which is correct for the main process where the store
is always ready before any select() call.

Add safeSelect() for preload contexts where the store may not yet be
initialized. Unlike select(), it returns T | undefined and TypeScript
enforces that callers handle the undefined case.

Use safeSelect in getInternalVideoChatWindowEnabled() with an explicit
?? false fallback, so early calls before store init return false (safe
default) instead of crashing or silently returning undefined-as-boolean.

* fix: Screen picker not loading again after closing by clicking outside it (#3205)

* fix: improve screen share picker cancellation reliability

- Remove redundant dialog.close() call inside onclose handler in Dialog
  hooks (close event fires after dialog is already closed, making the
  call a no-op per WHATWG spec)
- Add safety-net IPC cancellation in ScreenSharePicker: track whether a
  response was sent per picker session; if visible transitions false
  without a response having been sent, send null cancellation as fallback.
  This covers all dismissal paths (click-outside, ESC, programmatic close)
  regardless of the Dialog close event chain

* fix: resolve screen share picker stuck after dismissal

Three compounding bugs caused the screen sharing button to become
permanently unresponsive after the user dismissed the picker by
clicking outside the dialog:

1. handleClose firing after handleShare — when handleShare called
   setVisible(false), the useDialog useEffect triggered dialog.close()
   which synchronously fired onclose → handleClose. Since handleClose
   had no guard, it sent a null cancellation immediately after the real
   sourceId, consuming the ipcMain.once listener with null and leaving
   Jitsi's getDisplayMedia callback unresolved on the next attempt.
   Fix: added responseSentRef.current guard at the top of handleClose.

2. isScreenSharingRequestPending cleared after cb() — Jitsi calls
   getDisplayMedia again synchronously inside the setDisplayMediaRequest-
   Handler callback, re-entering createInternalPickerHandler while
   isScreenSharingRequestPending was still true, permanently blocking
   subsequent requests. Fix: moved markScreenSharingComplete() before
   cb() in both the response listener and the timeout handler.

3. Dual ipcMain.once race in open-screen-picker handler — the jitsiBridge
   IPC path registered its own relay listener without clearing any active
   listener from createInternalPickerHandler first. Fix: call
   cleanupScreenSharingListener() before registering the relay.

Also adds "Open System Preferences" link to the screen recording
permission denied callout, consistent with the microphone permission UX.

* chore: remove outdated Electron 10 comment (#3202)

* Language update from Lingohub 🤖 (#3196)

Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot

Easy language translations with Lingohub 🚀

Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>

* chore: Update hu.i18n.json (#3193)

* chore: Remove package-lock.json in favor of yarn.lock (#3214)

* chore: remove package-lock.json in favor of yarn.lock

This project uses Yarn as its package manager. Having both
package-lock.json and yarn.lock tracked causes conflicts and
breaks npx/npm tooling due to devEngines format differences.

* chore: anchor package-lock.json ignore to repository root

* fix: address code review feedback

- privacy.ts: don't spread message in catch block to avoid leaking
  sensitive fields; return only safe metadata (level, date). Add one-time
  stderr warning when redaction fails for observability.
- store/index.ts: warn when watch() is called before store is initialized
  so callers aren't silently left in uninitialized state.
- hu.i18n.json: fix 'bolt' (shop) -> 'tároló' (storage) for software
  store references. Add missing trailing period for consistency.

---------

Co-authored-by: Rodrigo Nascimento <[email protected]>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <[email protected]>
Co-authored-by: Sisyphus <[email protected]>
Co-authored-by: Santam Roy Choudhury <[email protected]>
Co-authored-by: Balázs Úr <[email protected]>

…e it (RocketChat#3205)

* fix: improve screen share picker cancellation reliability

- Remove redundant dialog.close() call inside onclose handler in Dialog
  hooks (close event fires after dialog is already closed, making the
  call a no-op per WHATWG spec)
- Add safety-net IPC cancellation in ScreenSharePicker: track whether a
  response was sent per picker session; if visible transitions false
  without a response having been sent, send null cancellation as fallback.
  This covers all dismissal paths (click-outside, ESC, programmatic close)
  regardless of the Dialog close event chain

* fix: resolve screen share picker stuck after dismissal

Three compounding bugs caused the screen sharing button to become
permanently unresponsive after the user dismissed the picker by
clicking outside the dialog:

1. handleClose firing after handleShare — when handleShare called
   setVisible(false), the useDialog useEffect triggered dialog.close()
   which synchronously fired onclose → handleClose. Since handleClose
   had no guard, it sent a null cancellation immediately after the real
   sourceId, consuming the ipcMain.once listener with null and leaving
   Jitsi's getDisplayMedia callback unresolved on the next attempt.
   Fix: added responseSentRef.current guard at the top of handleClose.

2. isScreenSharingRequestPending cleared after cb() — Jitsi calls
   getDisplayMedia again synchronously inside the setDisplayMediaRequest-
   Handler callback, re-entering createInternalPickerHandler while
   isScreenSharingRequestPending was still true, permanently blocking
   subsequent requests. Fix: moved markScreenSharingComplete() before
   cb() in both the response listener and the timeout handler.

3. Dual ipcMain.once race in open-screen-picker handler — the jitsiBridge
   IPC path registered its own relay listener without clearing any active
   listener from createInternalPickerHandler first. Fix: call
   cleanupScreenSharingListener() before registering the relay.

Also adds "Open System Preferences" link to the screen recording
permission denied callout, consistent with the microphone permission UX.

…e it (RocketChat#3205)

* fix: improve screen share picker cancellation reliability

- Remove redundant dialog.close() call inside onclose handler in Dialog
  hooks (close event fires after dialog is already closed, making the
  call a no-op per WHATWG spec)
- Add safety-net IPC cancellation in ScreenSharePicker: track whether a
  response was sent per picker session; if visible transitions false
  without a response having been sent, send null cancellation as fallback.
  This covers all dismissal paths (click-outside, ESC, programmatic close)
  regardless of the Dialog close event chain

* fix: resolve screen share picker stuck after dismissal

Three compounding bugs caused the screen sharing button to become
permanently unresponsive after the user dismissed the picker by
clicking outside the dialog:

1. handleClose firing after handleShare — when handleShare called
   setVisible(false), the useDialog useEffect triggered dialog.close()
   which synchronously fired onclose → handleClose. Since handleClose
   had no guard, it sent a null cancellation immediately after the real
   sourceId, consuming the ipcMain.once listener with null and leaving
   Jitsi's getDisplayMedia callback unresolved on the next attempt.
   Fix: added responseSentRef.current guard at the top of handleClose.

2. isScreenSharingRequestPending cleared after cb() — Jitsi calls
   getDisplayMedia again synchronously inside the setDisplayMediaRequest-
   Handler callback, re-entering createInternalPickerHandler while
   isScreenSharingRequestPending was still true, permanently blocking
   subsequent requests. Fix: moved markScreenSharingComplete() before
   cb() in both the response listener and the timeout handler.

3. Dual ipcMain.once race in open-screen-picker handler — the jitsiBridge
   IPC path registered its own relay listener without clearing any active
   listener from createInternalPickerHandler first. Fix: call
   cleanupScreenSharingListener() before registering the relay.

Also adds "Open System Preferences" link to the screen recording
permission denied callout, consistent with the microphone permission UX.

…e it (RocketChat#3205)

* fix: improve screen share picker cancellation reliability

- Remove redundant dialog.close() call inside onclose handler in Dialog
  hooks (close event fires after dialog is already closed, making the
  call a no-op per WHATWG spec)
- Add safety-net IPC cancellation in ScreenSharePicker: track whether a
  response was sent per picker session; if visible transitions false
  without a response having been sent, send null cancellation as fallback.
  This covers all dismissal paths (click-outside, ESC, programmatic close)
  regardless of the Dialog close event chain

* fix: resolve screen share picker stuck after dismissal

Three compounding bugs caused the screen sharing button to become
permanently unresponsive after the user dismissed the picker by
clicking outside the dialog:

1. handleClose firing after handleShare — when handleShare called
   setVisible(false), the useDialog useEffect triggered dialog.close()
   which synchronously fired onclose → handleClose. Since handleClose
   had no guard, it sent a null cancellation immediately after the real
   sourceId, consuming the ipcMain.once listener with null and leaving
   Jitsi's getDisplayMedia callback unresolved on the next attempt.
   Fix: added responseSentRef.current guard at the top of handleClose.

2. isScreenSharingRequestPending cleared after cb() — Jitsi calls
   getDisplayMedia again synchronously inside the setDisplayMediaRequest-
   Handler callback, re-entering createInternalPickerHandler while
   isScreenSharingRequestPending was still true, permanently blocking
   subsequent requests. Fix: moved markScreenSharingComplete() before
   cb() in both the response listener and the timeout handler.

3. Dual ipcMain.once race in open-screen-picker handler — the jitsiBridge
   IPC path registered its own relay listener without clearing any active
   listener from createInternalPickerHandler first. Fix: call
   cleanupScreenSharingListener() before registering the relay.

Also adds "Open System Preferences" link to the screen recording
permission denied callout, consistent with the microphone permission UX.

…e it (RocketChat#3205)

* fix: improve screen share picker cancellation reliability

- Remove redundant dialog.close() call inside onclose handler in Dialog
  hooks (close event fires after dialog is already closed, making the
  call a no-op per WHATWG spec)
- Add safety-net IPC cancellation in ScreenSharePicker: track whether a
  response was sent per picker session; if visible transitions false
  without a response having been sent, send null cancellation as fallback.
  This covers all dismissal paths (click-outside, ESC, programmatic close)
  regardless of the Dialog close event chain

* fix: resolve screen share picker stuck after dismissal

Three compounding bugs caused the screen sharing button to become
permanently unresponsive after the user dismissed the picker by
clicking outside the dialog:

1. handleClose firing after handleShare — when handleShare called
   setVisible(false), the useDialog useEffect triggered dialog.close()
   which synchronously fired onclose → handleClose. Since handleClose
   had no guard, it sent a null cancellation immediately after the real
   sourceId, consuming the ipcMain.once listener with null and leaving
   Jitsi's getDisplayMedia callback unresolved on the next attempt.
   Fix: added responseSentRef.current guard at the top of handleClose.

2. isScreenSharingRequestPending cleared after cb() — Jitsi calls
   getDisplayMedia again synchronously inside the setDisplayMediaRequest-
   Handler callback, re-entering createInternalPickerHandler while
   isScreenSharingRequestPending was still true, permanently blocking
   subsequent requests. Fix: moved markScreenSharingComplete() before
   cb() in both the response listener and the timeout handler.

3. Dual ipcMain.once race in open-screen-picker handler — the jitsiBridge
   IPC path registered its own relay listener without clearing any active
   listener from createInternalPickerHandler first. Fix: call
   cleanupScreenSharingListener() before registering the relay.

Also adds "Open System Preferences" link to the screen recording
permission denied callout, consistent with the microphone permission UX.

…e it (RocketChat#3205)

* fix: improve screen share picker cancellation reliability

- Remove redundant dialog.close() call inside onclose handler in Dialog
  hooks (close event fires after dialog is already closed, making the
  call a no-op per WHATWG spec)
- Add safety-net IPC cancellation in ScreenSharePicker: track whether a
  response was sent per picker session; if visible transitions false
  without a response having been sent, send null cancellation as fallback.
  This covers all dismissal paths (click-outside, ESC, programmatic close)
  regardless of the Dialog close event chain

* fix: resolve screen share picker stuck after dismissal

Three compounding bugs caused the screen sharing button to become
permanently unresponsive after the user dismissed the picker by
clicking outside the dialog:

1. handleClose firing after handleShare — when handleShare called
   setVisible(false), the useDialog useEffect triggered dialog.close()
   which synchronously fired onclose → handleClose. Since handleClose
   had no guard, it sent a null cancellation immediately after the real
   sourceId, consuming the ipcMain.once listener with null and leaving
   Jitsi's getDisplayMedia callback unresolved on the next attempt.
   Fix: added responseSentRef.current guard at the top of handleClose.

2. isScreenSharingRequestPending cleared after cb() — Jitsi calls
   getDisplayMedia again synchronously inside the setDisplayMediaRequest-
   Handler callback, re-entering createInternalPickerHandler while
   isScreenSharingRequestPending was still true, permanently blocking
   subsequent requests. Fix: moved markScreenSharingComplete() before
   cb() in both the response listener and the timeout handler.

3. Dual ipcMain.once race in open-screen-picker handler — the jitsiBridge
   IPC path registered its own relay listener without clearing any active
   listener from createInternalPickerHandler first. Fix: call
   cleanupScreenSharingListener() before registering the relay.

Also adds "Open System Preferences" link to the screen recording
permission denied callout, consistent with the microphone permission UX.