Add Authenticator app-lock timeout

[david-livefront]

🎟️ Tracking

BWA-221

📔 Objective

This PR adds the App lock timeout feature to the Authenticator app.

• The default is Never until you enable app lock, then it should switch to OnAppRestart.

📸 Screenshots

Screen_recording_20260303_135752.mp4

[claude]

Claude finished @david-livefront's task in 4m 42s —— View job

---

Re-Review Summary

PR: Add Authenticator app-lock timeout
Scope: 20 files changed (+956 / -53) -- new feature adding configurable session timeout to the Authenticator app

Previous Findings

All prior threads are resolved:

• CRITICAL (Correctness): Timeout job not cancelled on foreground -- Fixed (handleOnForeground() now calls clearJob())
• SUGGESTED: Constant name mismatch -- Fixed (renamed to APP_TIMEOUT_IN_MINUTES_KEY)
• Human reviewer (SaintPatrck): Copy-paste comment referencing logout/active users -- Fixed
• Human reviewer (SaintPatrck): Unnecessary null-coalescing on timeoutInMinutes -- Fixed

Re-Review Result

No new issues found. Comprehensive analysis of the final squashed commit confirms:

• Security: Timeout preference is non-sensitive data stored in SharedPreferences. Biometric keys and timeout are properly cleared on biometrics disable via BiometricsEncryptionManagerImpl.clearBiometrics(). The setupBiometricsKey flow correctly calls manualAppUnlock() before storing the biometric key, preventing a race where the combine in appLockStateFlow could emit LOCKED prematurely.
• Correctness: Migration logic for existing biometric users is correct (sets OnAppRestart when appTimeoutInMinutes is null but biometric key exists). Initial lock state correctly differentiates Never (starts unlocked) from all other timeouts (starts locked). The ScreenStateBroadcastReceiver properly recalculates remaining delay using elapsedRealtimeMs to compensate for Doze mode pausing coroutine delays. Negative remaining durations correctly result in immediate lock since delay() returns immediately for non-positive values.
• Architecture: Clean separation -- SettingsDiskSource handles persistence, SettingsRepository converts between stored Int and AppTimeout sealed class, AppLockManager owns lock state and timeout logic, ViewModel follows established UDF pattern with Internal actions for flow updates.
• Test coverage: Strong -- covers initialization migration, lock state transitions, timeout/foreground cancellation, screen-on timer restart, repository mapping, ViewModel actions, and UI interactions (session timeout row visibility, disabled state, dialog display, and selection).

✅ Approved -- All prior feedback addressed. Implementation is clean and well-tested.

[codecov]

Codecov Report

❌ Patch coverage is 84.57143% with 27 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.35%. Comparing base (d0dc420) to head (bc01dee).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...r/data/platform/manager/lock/AppLockManagerImpl.kt	78.26%	10 Missing and 5 partials ⚠️
...data/platform/repository/SettingsRepositoryImpl.kt	55.00%	1 Missing and 8 partials ⚠️
...platform/datasource/disk/SettingsDiskSourceImpl.kt	83.33%	1 Missing ⚠️
...tor/ui/platform/feature/settings/SettingsScreen.kt	97.05%	1 Missing ⚠️
.../ui/platform/feature/settings/SettingsViewModel.kt	96.87%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6609      +/-   ##
==========================================
- Coverage   85.89%   85.35%   -0.54%     
==========================================
  Files         803      969     +166     
  Lines       57198    60102    +2904     
  Branches     8270     8405     +135     
==========================================
+ Hits        49130    51300    +2170     
- Misses       5195     5888     +693     
- Partials     2873     2914      +41     

Flag	Coverage Δ
app-data	17.72% <0.00%> (+0.18%)	⬆️
app-ui-auth-tools	21.19% <0.00%> (+0.24%)	⬆️
app-ui-platform	15.73% <0.00%> (+0.61%)	⬆️
app-ui-vault	26.45% <0.00%> (+0.57%)	⬆️
authenticator	6.70% <84.57%> (+0.25%)	⬆️
lib-core-network-bridge	4.14% <0.00%> (-0.16%)	⬇️
lib-data-ui	0.89% <0.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Checkmarx One – Scan Summary & Details – ef623f38-0330-45ef-bc6e-588008e09c59

Great job! No new security vulnerabilities introduced in this pull request

[david-livefront]

Thanks @SaintPatrck