feat: add multilingual TeamChats UI (English, Spanish, Hindi)

[vaibhav45sktech]

This PR adds multilingual support for the Team Chats UI by introducing new i18n keys
and translations for English (en), Spanish (es), and Hindi (hi).

Added translations include:

• TeamChats title
• createRoom
• sendMessage
• searchMembers
• addParticipant
• removeParticipant
• noMessages
• typeMessage

Files updated:

• packages/i18n/src/locales/en.i18n.json
• packages/i18n/src/locales/es.i18n.json
• packages/i18n/src/locales/hi.i18n.json

All JSON files are validated and correctly formatted.

Summary by CodeRabbit

• New Features

  • Added rate limiting to message reporting and email confirmation endpoints
  • Added session management setting for account logout on window close
  • Request validation for SMS and Twilio integrations

• Bug Fixes

  • Fixed parameter validation for message history cleanup
  • Fixed access control for message deletion operations
  • Password reset now respects feature flag settings
  • Fixed LDAP email whitespace handling
  • Fixed business hours processing in room abandonment

• Security Improvements

  • Added HTML content sanitization in app marketplace pages
  • Enhanced log redaction for sensitive authentication tokens
  • OAuth app client secret now masked as password field
  • Improved request validation for API endpoints

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7bcd336

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ d-gubert
❌ vaibhav45sktech
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Walkthrough

This release PR performs a comprehensive version bump from 6.10.2 to 6.10.10 across the entire monorepo. It includes security enhancements (HTTP header redaction, HTML sanitization, request validation), rate-limiting configuration for API endpoints, improved access controls, message parser refactoring, and extensive changelog documentation for released versions.

Changes

Cohort / File(s)	Summary
CI/Workflow Configuration .github/workflows/ci-test-e2e.yml	Restricts docker-build step to pull_request events with different head/base repositories.
Version Bumps & Manifests apps/meteor/app/utils/rocketchat.info, apps/meteor/package.json, apps/meteor/ee/server/services/package.json, ee/apps/*/package.json, ee/packages/*/package.json, packages/*/package.json, package.json	Coordinated version updates from v0.x.2/6.10.2 to v0.x.10/6.10.10 across all packages and services.
Changelog Documentation apps/meteor/CHANGELOG.md, apps/meteor/ee/server/services/CHANGELOG.md, ee/apps/*/CHANGELOG.md, ee/packages/*/CHANGELOG.md, packages/*/CHANGELOG.md	Added release notes, patch changes, and updated dependencies documentation for new versions.
Security: Request/Parameter Validation apps/meteor/app/api/server/v1/rooms.ts, apps/meteor/app/livechat/imports/server/rest/sms.ts, packages/core-typings/src/omnichannel/sms.ts, apps/meteor/server/services/omnichannel-integrations/providers/{mobex,twilio,voxtelesys}.ts	Added validateParams for rooms.cleanHistory, SMSService.validateRequest contract and implementations for providers, enabling request validation.
Security: HTTP Header Redaction apps/meteor/app/lib/server/functions/getModifiedHttpHeaders.ts, apps/meteor/app/lib/server/lib/debug.js	New utility to redact sensitive tokens (x-auth-token, rc_token) from logged HTTP headers.
Security: HTML Sanitization apps/meteor/client/views/marketplace/lib/purifyOptions.ts, apps/meteor/client/views/marketplace/AppDetailsPage/tabs/{AppDetails/AppDetails.tsx,AppReleases/AppReleasesItem.tsx}, packages/gazzodown/{package.json,src/emoji/EmojiRenderer.tsx}	Added DOMPurify-based HTML content sanitization for marketplace descriptions and gazzodown emoji rendering.
API Rate Limiting apps/meteor/app/livechat/server/api/v1/{room.ts,visitor.ts}, apps/meteor/server/methods/{reportMessage.ts,sendConfirmationEmail.ts}	Implemented per-minute rate limits (5 requests/60s) for livechat endpoints and rate-limited methods.
Message Processing & Access Control apps/meteor/app/authorization/server/functions/canDeleteMessage.ts, apps/meteor/app/otr/server/methods/updateOTRAck.ts, apps/meteor/server/models/raw/Rooms.ts, packages/model-typings/src/models/IRoomsModel.ts	Enhanced room access validation, added canAccessRoomAsync checks, added findOneByIdAndType room lookup method.
Retention Policy Refactoring apps/meteor/app/retention-policy/server/cronPruneMessages.ts	Replaced maxTimes map with getMaxAgeSettingIdByRoomType accessor; added RetentionRoomTypes type.
Livechat Business Hours apps/meteor/app/livechat/server/hooks/processRoomAbandonment.ts	Added defensive checks for missing office day data in room abandonment processing.
Message Parser Enhancement packages/message-parser/{src/grammar.pegjs,src/utils.ts}, packages/message-parser/tests/{abuse.test.ts,emphasis.test.ts,link.test.ts}	Refactored grammar with Maybe-prefixed guarded parsing rules, added extractFirstResult utility, added comprehensive parsing tests.
Client Configuration apps/meteor/client/startup/accounts.ts	Added reactive Accounts_ForgetUserSessionOnWindowClose setting to configure client storage mode (session vs. local).
OAuth UI Hardening apps/meteor/client/views/admin/oauthApps/EditOauthApp.tsx	Masked Client Secret field input type from TextInput to PasswordInput.
Settings & Utilities apps/meteor/server/settings/message.ts, apps/meteor/server/startup/migrations/xrun.ts, apps/meteor/server/lib/ldap/Manager.ts, apps/meteor/app/api/server/v1/users.ts	Changed Message_Attachments_Strip_Exif default to true, added retention settings migration logic, trimmed LDAP emails, added Accounts_PasswordReset feature flag.
Realtime Monitoring UI apps/meteor/client/views/omnichannel/realTimeMonitoring/RealTimeMonitoringPage.js	Added key randomization to force component remounts/redraws for chart data refresh.
Audit Methods apps/meteor/ee/server/lib/audit/methods.ts	Limited audit log user fields to _id, username, name, avatarETag; added projection for auditGetAuditions.
Type Definitions apps/meteor/definition/externals/meteor/accounts-base.d.ts, packages/core-typings/package.json	Added Accounts.config() type definition for clientStorage option; added @types/express dependency.
End-to-End Tests apps/meteor/tests/e2e/account-forgetSessionOnWindowClose.spec.ts, apps/meteor/tests/end-to-end/api/{00-miscellaneous.js,01-users.js,24-methods.js}, apps/meteor/tests/unit/app/lib/server/functions/getModifiedHttpHeaders.tests.ts, apps/meteor/tests/unit/server/services/omnichannel-integrations/providers/twilio.spec.ts	Added tests for session persistence, log redaction, password reset control, message updates, deletion permissions, and Twilio request validation.
Internationalization packages/i18n/src/locales/{en.i18n.json,es.i18n.json,hi.i18n.json}	Added TeamChats translation group with 8 UI string keys across English, Spanish, and Hindi locales.
KaTeX Rendering packages/gazzodown/src/katex/{KatexBlock.tsx,KatexElement.tsx}	Added maxSize: 100 option to KaTeX render calls.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~65 minutes

Attention areas:

• Message parser grammar refactoring (packages/message-parser/src/grammar.pegjs): High complexity; significant grammar restructuring with new Maybe-prefixed guarded parsing paths requires careful verification of parsing correctness and backward compatibility.
• Multi-file security changes (sanitization in marketplace, header redaction, request validation across providers): Scattered across multiple files with similar but distinct implementations; verify consistency of sanitization approach and validation contracts.
• Coordinated version bumps & dependency updates: While mostly mechanical, verify that all cross-package version references are aligned and that dependency upgrades (e.g., @rocket.chat/apps-engine 1.43.1→1.43.5) are consistent.
• Room access control enhancements (canDeleteMessage, updateOTRAck, canAccessRoomAsync): Multiple locations with new access validation logic; verify authorization flows are consistent and don't introduce regressions.
• Rate limiting on API endpoints: Verify rate limit thresholds (5 requests/60s) are appropriate and don't conflict with existing interceptors.

Possibly related PRs

• chore: Add projection to Rooms.findOneByIdAndType #37254 — Introduces findOneByIdAndType room lookup method in both Rooms model and IRoomsModel interface; directly mirrors this PR's room query API expansion.
• chore(deps): Upgrade some dependencies #37508 — Performs coordinated package version bumps and dependency updates across the monorepo; same scale and pattern as this release bump.
• chore(ci): reduce number of parallel jobs and improve container builds #37466 — Modifies .github/workflows/ci-test-e2e.yml to control docker-build step execution; overlaps with this PR's CI workflow constraint change.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• tassoevan
• d-gubert

Poem

🐰 A release hops through the warren swift,
From six-ten-two to six-ten-ten,
With sanitized HTML, headers redacted true,
And rate limits keeping the chaos at bay,
The parser now guards with Maybe's own way—
Secure, validated, and ready for you! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title describes only a subset of the actual changes. The PR modifies 100+ files across multiple areas including API validations, security measures, rate limiting, and fixes—not just multilingual TeamChats UI.	Revise the PR title to accurately reflect the comprehensive scope of changes, or split this PR into focused feature branches. Consider a title like: 'chore: v6.10.10 release with security enhancements and multilingual support'
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.40.0)

apps/meteor/tests/end-to-end/api/01-users.js

apps/meteor/tests/end-to-end/api/24-methods.js

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

packages/models/CHANGELOG.md (1)

308-308: Unresolved merge conflict marker present in file.

Line 308 contains > > > > > > > origin/master, which is a git merge conflict marker. This suggests an unresolved merge state. Remove or resolve this marker before merging.

apps/meteor/CHANGELOG.md (3)

408-411: Typo: “auditted” → “audited”.

Fix wording in the E2EE warning callouts line.

- Implement E2EE warning callouts letting users know that encrypted messages can't be searched and auditted on search contextual bar and audit panel.
+ Implement E2EE warning callouts letting users know that encrypted messages can't be searched and audited on search contextual bar and audit panel.

---

1619-1623: Typo: “galery mode” → “gallery mode”.

Minor copy edit in the image attachments note.

- Fixed open expanded view (galery mode) for image attachments sent by livechat widget
+ Fixed open expanded view (gallery mode) for image attachments sent by livechat widget

---

423-424: Typo: “recieve” → “receive”.

Low-risk spelling correction.

- Users now don't need to be online to get the keys ... users can recieve keys
+ Users now don't need to be online to get the keys ... users can receive keys

packages/rest-typings/CHANGELOG.md (1)

373-373: Critical: Merge conflict marker present.

Line 373 contains an unresolved merge conflict marker (>>>>>>> origin/master). This must be removed before merging.

Apply this fix:

-  - @rocket.chat/[email protected]
-  </details>
-
->>>>>>> origin/master
-
 ## 6.7.1

🧹 Nitpick comments (18)

packages/gazzodown/src/katex/KatexBlock.tsx (1)

13-19: Good alignment with inline KaTeX; consider shared options and confirm limit

Mirroring the inline renderer by adding maxSize: 100 here makes the behavior consistent and the change is syntactically and semantically fine.

Two minor follow‑ups:

• Confirm that 100 is the desired upper bound for block formulas as well, and that our KaTeX version supports this option as used.
• (Optional) Since displayMode, macros, and maxSize are now almost identical between KatexElement and KatexBlock, consider extracting a shared base options object (e.g., const baseKatexOptions = { macros: {...}, maxSize: 100 }) and spreading it in both places to avoid future divergence.

packages/i18n/src/locales/en.i18n.json (1)

6481-6489: Add keys only to English; let the translation pipeline populate other locales.
This repo’s workflow adds new keys in en.i18n.json only; es/hi are handled externally or fall back to English. Please revert manual changes in es/hi for these keys.

Based on learnings, ...

packages/message-parser/CHANGELOG.md (1)

1-36: Changelog entries are well-structured; minor style improvement suggested.

The new entries for versions 0.31.32, 0.31.31, and 0.31.30 are properly formatted with PR references. However, line 29 uses "Fixed a problem" which could be more formal. Consider using "Resolved" instead of "Fixed" for consistency with formal changelog conventions.

Apply this optional style improvement:

-  - ([#33929](https://github.com/RocketChat/Rocket.Chat/pull/33929)) Fixed a problem in the deno runtime controller where it would not handle undefined child process references correctly
+  - ([#33929](https://github.com/RocketChat/Rocket.Chat/pull/33929)) Resolved an issue in the deno runtime controller where it would not handle undefined child process references correctly

apps/meteor/tests/end-to-end/api/01-users.js (1)

2473-2503: New forgot-password tests accurately cover enabled/disabled behavior

The added tests correctly assert a 400 error when Accounts_PasswordReset is disabled and ensure the setting is enabled before asserting the 200 success path, aligning with the new route logic. If you want stronger test isolation, you could add a before/after pair in this describe to snapshot and restore Accounts_PasswordReset, but it’s not strictly required given the current toggle sequence.

apps/meteor/CHANGELOG.md (1)

7-10: Deduplicate repeated “Bump @rocket.chat/meteor version.” entries.

Two identical bullets in the same 6.10.10 section add noise; keep one.

 - Bump @rocket.chat/meteor version.
-
 - Bump @rocket.chat/meteor version.

apps/meteor/app/livechat/server/hooks/processRoomAbandonment.ts (1)

59-63: LGTM! Per-day validation handles missing office day data correctly.

The guard skips days without configuration and properly advances the date counter, preventing potential crashes from undefined data.

Consider logging a warning when skipping days due to missing configuration, as this might indicate a data integrity issue:

 		// Config doesnt have data for this day, we skip day
 		if (!officeDay) {
+			// Optional: Log.warning(`Business hours missing for ${today}`);
 			inactivityDay.add(1, 'days');
 			continue;
 		}

apps/meteor/app/lib/server/functions/getModifiedHttpHeaders.ts (1)

1-20: Good security practice: redacting sensitive tokens in logs.

The function correctly redacts authentication tokens before logging HTTP headers.

The cookie parsing assumes a well-formed cookie header string. Consider adding type safety and handling edge cases:

-	if (modifiedHttpHeaders.cookie) {
+	if (modifiedHttpHeaders.cookie && typeof modifiedHttpHeaders.cookie === 'string') {
-		const cookies = modifiedHttpHeaders.cookie.split('; ');
+		const cookies = modifiedHttpHeaders.cookie.trim().split(/;\s*/);
 		const modifiedCookies = cookies.map((cookie: string) => {
+			const trimmedCookie = cookie.trim();
-			if (cookie.startsWith('rc_token=')) {
+			if (trimmedCookie.startsWith('rc_token=')) {
 				return 'rc_token=[redacted]';
 			}
-			return cookie;
+			return trimmedCookie;
 		});
 		modifiedHttpHeaders.cookie = modifiedCookies.join('; ');
 	}

This handles:

• Type checking (cookie could theoretically be an array in some HTTP libraries)
• Extra whitespace around semicolons
• Leading/trailing whitespace in individual cookies

apps/meteor/tests/end-to-end/api/00-miscellaneous.js (1)

5-6: E2E log redaction checks look correct; consider minor robustness tweaks

The /stdout.queue suite correctly:

• Enables tracing and log level, drives traffic (including rc_token cookie and auth header) via methodCall and login, and
• Asserts that the queue contains redacted x-auth-token and rc_token values and never contains the raw token.

Two optional improvements you might consider:

• The fixed await sleep(4000); plus subsequent requests could still be a source of flakiness on slow environments; if practical, replacing the sleep with a poll on /stdout.queue until logs appear (or a timeout) would be more deterministic.
• The assertions rely on exact string snippets in log.string; any future change in log formatting could break the tests even if redaction still works. If the logger output format evolves, it may be worth centralizing/parsing the relevant portion rather than matching full substrings.

Overall, the behavior under test and the way the tests are wired look good.

Also applies to: 699-848

apps/meteor/ee/server/lib/audit/methods.ts (1)

91-102: Improved PII minimization in audit logs; small helper extraction could reduce duplication

Using a reduced userFields object for u in AuditLog.insertOne and adding a projection that strips nested u.services, u.roles, u.emails, etc. from auditGetAuditions responses significantly tightens exposure of user data while preserving required identifiers.

You build the same userFields structure in both auditGetOmnichannelMessages and auditGetMessages. If this pattern spreads further, consider extracting a tiny helper (e.g., buildAuditUserFields(user)) to centralize that mapping; otherwise this looks solid as is.

Also applies to: 125-129, 138-149, 183-189, 201-218

apps/meteor/app/otr/server/methods/updateOTRAck.ts (1)

3-9: Stronger validation and access control for OTR ack updates

The updated updateOTRAck implementation now correctly:

• Rejects unauthenticated callers and non‑otr messages.
• Validates the message/ack payload shape.
• Confirms the room exists, is of the expected type, and that the caller can access it.
• Ensures the message’s u._id belongs to the room’s participants when uids is present.

This significantly hardens the method against malformed or unauthorized calls. If you want to further improve readability, you could split the compound check on canAccessRoomAsync/room.uids into named booleans before the if, but functionally this looks good.

Also applies to: 18-50

apps/meteor/client/views/omnichannel/realTimeMonitoring/RealTimeMonitoringPage.js (1)

106-153: Unnecessary optional chaining on ref.

The keys ref is always defined via useRef, so keys?.current can be simplified to keys.current. The optional chaining adds no safety here since keys will never be null/undefined.

Example fix for line 106:

-<ConversationOverview key={keys?.current[0]} flexGrow={1} flexShrink={1} width='50%' reloadRef={reloadRef} params={allParams} />
+<ConversationOverview key={keys.current[0]} flexGrow={1} flexShrink={1} width='50%' reloadRef={reloadRef} params={allParams} />

apps/meteor/app/retention-policy/server/cronPruneMessages.ts (1)

11-20: Function name is misleading.

The function getMaxAgeSettingIdByRoomType returns the actual TTL value from settings, not the setting ID. Consider renaming to getMaxAgeByRoomType or getRetentionTTLByRoomType for clarity.

-const getMaxAgeSettingIdByRoomType = (type: RetentionRoomTypes) => {
+const getMaxAgeByRoomType = (type: RetentionRoomTypes) => {
 	switch (type) {
 		case 'c':
 			return settings.get<number>('RetentionPolicy_TTL_Channels');
 		case 'p':
 			return settings.get<number>('RetentionPolicy_TTL_Groups');
 		case 'd':
 			return settings.get<number>('RetentionPolicy_TTL_DMs');
 	}
 };

And update the call site at line 39:

-const maxAge = getMaxAgeSettingIdByRoomType(type) || 0;
+const maxAge = getMaxAgeByRoomType(type) || 0;

packages/gazzodown/src/emoji/EmojiRenderer.tsx (1)

18-23: Consider whether sanitization is necessary for programmatically-generated emoji fallback.

The fallback content is derived from the emoji object's unicode or shortCode properties, which are programmatically generated from emoji metadata rather than user input. DOMPurify.sanitize may be unnecessary here, as the content should already be safe. However, defense-in-depth sanitization is not harmful if performance is acceptable.

apps/meteor/tests/unit/server/services/omnichannel-integrations/providers/twilio.spec.ts (2)

11-14: Remove unused twilioStub - it's not wired into proxyquire.

twilioStub is defined but never passed to proxyquire. The actual twilio module with validateRequest is used directly by the provider. This stub setup is dead code.

-const twilioStub = {
-	validateRequest: sinon.stub(),
-	isRequestFromTwilio: sinon.stub(),
-};

Also remove the reset calls in beforeEach (lines 52-53).

---

105-124: Set TEST_MODE explicitly in each test to ensure isolation.

Tests at lines 105-124 and 145-164 don't explicitly set process.env.TEST_MODE = 'false', relying on state from previous tests. This can cause flaky behavior if test order changes.

Add process.env.TEST_MODE = 'false'; at the start of these tests for proper isolation:

 	it('should reject a request where signature doesnt match', () => {
+		process.env.TEST_MODE = 'false';
+
 		settingsStub.get.withArgs('SMS_Twilio_authToken').returns('test');

Also applies to: 145-164

apps/meteor/tests/e2e/account-forgetSessionOnWindowClose.spec.ts (3)

20-22: Use .fill() instead of deprecated .type() method.

Playwright's .type() is deprecated. Use .fill() for setting input values.

-			await poRegistration.username.type('user1');
-			await poRegistration.inputPassword.type(DEFAULT_USER_CREDENTIALS.password);
+			await poRegistration.username.fill('user1');
+			await poRegistration.inputPassword.fill(DEFAULT_USER_CREDENTIALS.password);

Also applies to: 43-45

---

24-24: Prefer semantic locators over page.locator('role=...').

Per coding guidelines, use page.getByRole() instead of page.locator('role=...') for better readability and maintainability.

-			await expect(page.locator('role=heading[name="Welcome to Rocket.Chat"]')).toBeVisible();
+			await expect(page.getByRole('heading', { name: 'Welcome to Rocket.Chat' })).toBeVisible();

-			await expect(newPage.locator('role=heading[name="Welcome to Rocket.Chat"]')).toBeVisible();
+			await expect(newPage.getByRole('heading', { name: 'Welcome to Rocket.Chat' })).toBeVisible();

-			await expect(newPage.locator('role=button[name="Login"]')).toBeVisible();
+			await expect(newPage.getByRole('button', { name: 'Login' })).toBeVisible();

Also applies to: 29-29, 47-47, 52-52

---

14-14: Avoid async in test.describe() callback.

The async modifier on test.describe() callbacks (lines 14 and 33) is unnecessary and can cause issues. Describe blocks should be synchronous.

-	test.describe('Setting off', async () => {
+	test.describe('Setting off', () => {

-	test.describe('Setting on', async () => {
+	test.describe('Setting on', () => {

Also applies to: 33-33

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove duplicate test case.

This test (lines 69-80) is an exact copy of the test at lines 56-67. Both test the same scenario: "should not validate a request when process.env.TEST_MODE is true".

-	it('should not validate a request when process.env.TEST_MODE is true', () => {
-		process.env.TEST_MODE = 'true';
-
-		const twilio = new Twilio();
-		const request = {
-			headers: {
-				'x-twilio-signature': 'test',
-			},
-		};
-
-		expect(twilio.validateRequest(request)).to.be.true;
-	});

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	it('should not validate a request when process.env.TEST_MODE is true', () => {
	process.env.TEST_MODE = 'true';
	const twilio = new Twilio();
	const request = {
	headers: {
	'x-twilio-signature': 'test',
	},
	};
	expect(twilio.validateRequest(request)).to.be.true;
	});

🤖 Prompt for AI Agents

In
apps/meteor/tests/unit/server/services/omnichannel-integrations/providers/twilio.spec.ts
around lines 69 to 80, there is a duplicate test case that repeats the same
"should not validate a request when process.env.TEST_MODE is true" scenario
already defined at lines 56-67; remove the redundant test block (lines 69-80) so
only the original test remains, ensuring no other tests rely on this duplicate
and running the test suite afterwards to confirm no regressions.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Do not nest objects in this file; flatten the TeamChats keys.
The locales files are a flat key→string map. Introducing a nested "TeamChats" object and lowerCamelCase subkeys will likely break lookups and violates prevailing naming. Flatten and follow the existing key style.

Apply this diff to replace the nested object with flat keys:

-  "TeamChats": {
-    "title": "Team Chats",
-    "createRoom": "Create New Room",
-    "sendMessage": "Send Message",
-    "searchMembers": "Search Members",
-    "addParticipant": "Add Participant",
-    "removeParticipant": "Remove Participant",
-    "noMessages": "No messages yet",
-    "typeMessage": "Type a message..."
-  }
+  "TeamChats_Title": "Team Chats",
+  "TeamChats_CreateRoom": "Create New Room",
+  "TeamChats_SendMessage": "Send Message",
+  "TeamChats_SearchMembers": "Search Members",
+  "TeamChats_AddParticipant": "Add Participant",
+  "TeamChats_RemoveParticipant": "Remove Participant",
+  "TeamChats_NoMessages": "No messages yet",
+  "TeamChats_TypeMessage": "Type a message..."

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"title": "Team Chats",
	"createRoom": "Create New Room",
	"sendMessage": "Send Message",
	"searchMembers": "Search Members",
	"addParticipant": "Add Participant",
	"removeParticipant": "Remove Participant",
	"noMessages": "No messages yet",
	"typeMessage": "Type a message..."
	}
	"TeamChats_Title": "Team Chats",
	"TeamChats_CreateRoom": "Create New Room",
	"TeamChats_SendMessage": "Send Message",
	"TeamChats_SearchMembers": "Search Members",
	"TeamChats_AddParticipant": "Add Participant",
	"TeamChats_RemoveParticipant": "Remove Participant",
	"TeamChats_NoMessages": "No messages yet",
	"TeamChats_TypeMessage": "Type a message..."

🤖 Prompt for AI Agents

packages/i18n/src/locales/en.i18n.json lines 6481-6489: the current JSON
contains a nested "TeamChats" object which breaks the flat key→string
convention; replace the nested object with flat lowerCamelCase keys by removing
the "TeamChats" nesting and adding top-level keys like "teamChatsTitle",
"teamChatsCreateRoom", "teamChatsSendMessage", "teamChatsSearchMembers",
"teamChatsAddParticipant", "teamChatsRemoveParticipant", "teamChatsNoMessages",
and "teamChatsTypeMessage" mapped to the same string values so all keys remain
flat and follow the existing naming style.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check recent commits to locale files to understand the pattern
git log --oneline -20 -- "packages/i18n/src/locales/" | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 188

---

🏁 Script executed:

# Check if TeamChats exists in en.i18n.json
rg "TeamChats" packages/i18n/src/locales/en.i18n.json -A 10

Repository: RocketChat/Rocket.Chat

Length of output: 188

---

🏁 Script executed:

# Examine what locale files exist and their recent modification pattern
ls -la packages/i18n/src/locales/ | head -30

Repository: RocketChat/Rocket.Chat

Length of output: 188

---

🏁 Script executed:

# Check for translation pipeline or automation scripts
fd -e "\.ts$|\.js$|\.json$" packages/i18n/ | grep -i "pipeline\|translate\|auto\|sync" | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 188

---

🏁 Script executed:

# Look for scripts or workflows related to i18n
fd -e "\.yml$|\.yaml$" | xargs rg "i18n|translate" | head -20

Repository: RocketChat/Rocket.Chat

Length of output: 188

---

Remove manually added keys from non-English locale file—follow the i18n workflow.

Per the established i18n workflow in this repository, new translation keys should be added only to packages/i18n/src/locales/en.i18n.json. Other locale files (including hi.i18n.json and es.i18n.json) are populated via an external translation pipeline and/or fall back to English.

Manually adding the same keys to Hindi and Spanish files contradicts this process and may cause conflicts or overwrites when the translation pipeline runs.

Action required: Remove the TeamChats object from this file (lines 217–226). Keep only the changes to the English locale file.

🤖 Prompt for AI Agents

In packages/i18n/src/locales/hi.i18n.json around lines 217 to 226, remove the
manually added "TeamChats" object entirely so this non-English locale no longer
contains keys that should be managed only in the English master file; ensure you
leave other Hindi keys untouched, do not add any replacement keys here, and keep
new translation key additions confined to packages/i18n/src/locales/en.i18n.json
per the i18n workflow before committing.