[PM-36251] feat: Navigate archive premium upsell through in-app upgrade flow

[andrebispo5]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-36251

📔 Objective

Wires the archive unavailable upsell CTA to the same in-app premium upgrade flow used by the vault list banner, instead of always opening the web vault URL.

• Renames shouldShowPremiumUpgradeBanner → isPremiumUpgradeEligible to better reflect that it checks user eligibility, not banner visibility.
• Extracts isPremiumUpgradeBannerDismissed as a separate StateService method so banner dismissal is a distinct concern.
• Adds isInAppUpgradeAvailable() and navigateToPremiumUpgrade() to VaultListProcessor, encapsulating the routing decision (in-app upgrade flow vs. web vault fallback) based on the feature flag and US storefront.
• The banner respects dismissal; the archive CTA bypasses it so a dismissed banner does not block the user from upgrading via the archive entry point.

[Copilot]

Pull request overview

Routes the “Archive unavailable” upsell CTA through the same premium in-app upgrade flow as the vault list banner (with a web vault URL fallback when in-app upgrade isn’t available), and refactors premium-upgrade banner eligibility vs. dismissal into distinct concerns.

Changes:

• Split premium upgrade logic into eligibility (isPremiumUpgradeEligible) vs. banner dismissal (isPremiumUpgradeBannerDismissed).
• Centralized in-app upgrade availability checks and navigation fallback logic inside VaultListProcessor.
• Updated/added tests to cover banner dismissal behavior and archive CTA routing (in-app vs web fallback).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
BitwardenShared/UI/Vault/Vault/VaultList/VaultListProcessor.swift	Refactors premium upgrade banner visibility logic and routes archive upsell to in-app upgrade when available, otherwise web URL fallback.
BitwardenShared/UI/Vault/Vault/VaultList/VaultListProcessorTests.swift	Updates banner tests for new eligibility/dismissal split; adds archive CTA routing tests.
BitwardenShared/Core/Platform/Services/StateService.swift	Updates StateService API by replacing shouldShowPremiumUpgradeBanner() with eligibility + dismissal methods and implements them in DefaultStateService.
BitwardenShared/Core/Platform/Services/StateServiceTests.swift	Renames/adjusts tests for the new StateService API and adds dismissal-specific tests.
BitwardenShared/Core/Platform/Services/TestHelpers/MockStateService.swift	Updates the mock to match the new StateService API used by tests/processors.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Avoid try? + optional chaining here; if the alert/action isn't present, the test will silently continue and could pass incorrectly. Unwrap the alert and use try await so failures are surfaced.

[Copilot]

Avoid try? + optional chaining here; if the alert/action isn't present, the test will silently continue and could pass incorrectly. Unwrap the alert and use try await so failures are surfaced.

Suggested change

	let alert = coordinator.alertShown.last
	XCTAssertEqual(alert?.title, Localizations.archiveUnavailable)
	XCTAssertEqual(alert?.message, Localizations.archivingItemsIsAPremiumFeatureDescriptionLong)
	try? await alert?.tapAction(title: Localizations.upgradeToPremium)
	let alert = try XCTUnwrap(coordinator.alertShown.last)
	XCTAssertEqual(alert.title, Localizations.archiveUnavailable)
	XCTAssertEqual(alert.message, Localizations.archivingItemsIsAPremiumFeatureDescriptionLong)
	try await alert.tapAction(title: Localizations.upgradeToPremium)

[Copilot]

The doc comment for test_isPremiumUpgradeEligible_true still says eligibility requires the banner to not be dismissed, but isPremiumUpgradeEligible() no longer checks dismissal (that’s covered by isPremiumUpgradeBannerDismissed()). Please update the comment (and consider renaming shouldShow to isEligible for clarity).

[Copilot]

This test claims the archive upgrade flow should work even when the banner is dismissed, but it never sets stateService.isPremiumUpgradeBannerDismissedResult = true. As written it doesn't actually verify the dismissal-bypass behavior.

[Copilot]

Avoid try? + optional chaining here; if the alert/action isn't present, the test will silently continue and could pass incorrectly. Unwrap the alert and use try await so failures are surfaced.

[codecov]

Codecov Report

❌ Patch coverage is 98.98649% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.22%. Comparing base (9d93d87) to head (08615d3).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...enShared/Core/Platform/Services/StateService.swift	81.25%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2607      +/-   ##
==========================================
+ Coverage   87.20%   87.22%   +0.02%     
==========================================
  Files        1895     1898       +3     
  Lines      167767   167986     +219     
==========================================
+ Hits       146304   146531     +227     
+ Misses      21463    21455       -8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[fedemkr]

⛏️ I wouldn't say which are the requirements here in the protocol as if they change you need to remember updating this comment as well. Also the caller doesn't need to know which are the requirements just what the function does and returns.
So for easier maintainability I'd just remove this line

Suggested change

/// (free account and 7+ days old).

[fedemkr]

⛏️ I think you can drop the outer parenthesis here:

Suggested change

	await ((try? getPremiumUpgradeBannerDismissed()) ?? false)
	await (try? getPremiumUpgradeBannerDismissed()) ?? false

🤔 Also, I think you should log the error if getPremiumUpgradeBannerDismissed throws and then return false instead of of using try? here. Or is it fine to ignore the errors on this function?

[fedemkr]

🤔 Shouldn't an error be logged if getActiveAccount throws or is it safe to ignore here?

[andrebispo5]

it will fail in doesActiveAccountHavePremium the call above and return false

[fedemkr]

🎨 Can't you just return the operation result here?

Suggested change

	guard timeProvider.timeSince(creationDate) >= Constants.premiumUpgradeBannerAccountAge else {
	return false
	}
	return true
	return timeProvider.timeSince(creationDate) >= Constants.premiumUpgradeBannerAccountAge

[fedemkr]

🤔 Shouldn't this be logging the error when hasMinimumCipherCount throws instead of ignoring it?

[fedemkr]

🎨 IMO this services.storefrontService.isUSStorefront should be checked before hasMinimumCipherCount or even services.stateService.isPremiumUpgradeEligible as it should be faster and consume less resources than the others, as it's just a cached value.

[fedemkr]

⛏️ I'd use a guard here to avoid the nesting blocks and be more "Swifty":

Suggested change

	if await isInAppUpgradeAvailable() {
	subscribeToPremiumCheckoutStatus()
	coordinator.navigate(to: .premiumUpgrade)
	} else {
	state.url = services.environmentService.upgradeToPremiumURL
	}
	guard await isInAppUpgradeAvailable() else {
	state.url = services.environmentService.upgradeToPremiumURL
	return
	}
	subscribeToPremiumCheckoutStatus()
	coordinator.navigate(to: .premiumUpgrade)

[fedemkr]

🎨 If the banner has already been dismissed then it's wasteful to check for isInAppUpgradeAvailable as that value doesn't really matter later. So I would rewrite this with short-circuit as:

        let isBannerDismissed = await services.stateService.isPremiumUpgradeBannerDismissed()
        guard !isBannerDismissed else {
            state.shouldShowPremiumUpgradeActionCard = false
            return
        }
        state.shouldShowPremiumUpgradeActionCard = await isInAppUpgradeAvailable()

or like this:

        let isBannerDismissed = await services.stateService.isPremiumUpgradeBannerDismissed()
        state.shouldShowPremiumUpgradeActionCard = !isBannerDismissed && (await isInAppUpgradeAvailable())

[github-actions]

🤖 Bitwarden Claude Code Review

Overall Assessment: REQUEST CHANGES

This PR refactors the premium upgrade banner eligibility logic, introduces a new BillingRepository to encapsulate the in-app upgrade availability check, and routes the archive upsell through the in-app upgrade flow. The new repository has solid unit coverage, the StateService split between isPremiumUpgradeEligible() and isPremiumUpgradeBannerDismissed() is a clean separation of concerns, and VaultListProcessor correctly bypasses the banner dismissal for the archive entry point. One issue with the migration of the more-options archive entry is worth addressing before merge.

Code Review Details

• ⚠️ : Archive entry in VaultItemMoreOptionsHelper navigates to .premiumUpgrade without subscribing to premiumCheckoutStatusPublisher, so a successful checkout never dismisses the upgrade screen and the vault is not refreshed.
  • BitwardenShared/UI/Vault/Helpers/VaultItemMoreOptionsHelper.swift:131-143

[claude]

❓ QUESTION: The same Alert.archiveUnavailable is also shown from VaultItemMoreOptionsHelper.archive() (when a non-premium user taps Archive on an individual cipher), but that path still goes straight to services.environmentService.upgradeToPremiumURL and bypasses the new in-app upgrade flow.

Details

BitwardenShared/UI/Vault/Helpers/VaultItemMoreOptionsHelper.swift:131-134:

Alert.archiveUnavailable(action: { [weak self] in
    guard let self else { return }
    handleOpenURL(services.environmentService.upgradeToPremiumURL)
}),

Was the more-options entry point intentionally left out of scope, or should it be migrated to the same navigateToPremiumUpgrade() path so that the identical alert routes consistently from both entry points?

[claude]

⚠️ IMPORTANT: Archive entry navigates to .premiumUpgrade without subscribing to premiumCheckoutStatusPublisher, so a successful checkout never dismisses the upgrade screen.

Details and fix

PremiumUpgradeProcessor.subscribeToPremiumCheckoutStatus only handles .canceled itself; for .confirmed, .pending, and .syncing it relies on the parent owning the dismiss (see the explicit comment in PremiumUpgradeProcessor.swift:120-122: "VaultListProcessor owns the dismiss and all post-dismiss actions via DismissAction for each of these states.").

VaultListProcessor.navigateToPremiumUpgrade() calls subscribeToPremiumCheckoutStatus() before navigating, but the new code path in this helper does not. Concrete consequences when in-app upgrade is available and the user completes checkout from the archive more-options entry:

• The premium upgrade modal does not dismiss after .confirmed (no DismissAction).
• The vault is not refreshed and state.hasPremium is not updated, so the archive group still appears unavailable.
• The "upgrade pending" alert is not shown for .pending.
• The confirming-loading overlay is not shown for .syncing.

VaultItemMoreOptionsHelper is a @MainActor helper, not a StateProcessor, so it cannot reasonably own the dismiss/refresh logic. The cleanest fix is to keep the upsell routing centralized in VaultListProcessor — either by surfacing this through the existing .upgradeToPremium action, or by exposing a coordinator/delegate hook so the processor can subscribe before navigation.

Reference: BitwardenShared/UI/Billing/PremiumUpgrade/PremiumUpgradeProcessor.swift:117-124, BitwardenShared/UI/Vault/Vault/VaultList/VaultListProcessor.swift:562-569.