From 4c79d09d9b6e4c032c9b1775c676b447bc29dc3f Mon Sep 17 00:00:00 2001
From: David May <david.leo.may@gmail.com>
Date: Mon, 8 Jun 2026 10:59:54 +0200
Subject: [PATCH 1/2] chore: remove legacy Azure DEV workflow (DEV now runs on
 dfxdev)

---
 .github/workflows/api-dev.yaml | 94 ----------------------------------
 1 file changed, 94 deletions(-)
 delete mode 100644 .github/workflows/api-dev.yaml

diff --git a/.github/workflows/api-dev.yaml b/.github/workflows/api-dev.yaml
deleted file mode 100644
index 57b52ad49a..0000000000
--- a/.github/workflows/api-dev.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-# Legacy Azure deploy — will be removed after DFX server migration cutover.
-# New deploy pipeline: dfx-api-dev.yaml (Docker + SSH to dfxdev).
-name: API DEV CI/CD
-
-on:
-  push:
-    branches: [develop]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-concurrency:
-  group: deploy-dev
-  cancel-in-progress: true
-
-env:
-  AZURE_WEBAPP_NAME: app-dfx-api-dev
-  AZURE_WEBAPP_PACKAGE_PATH: '.'
-  NODE_VERSION: '20.x'
-  DEV_API_URL: https://dev.api.dfx.swiss
-
-jobs:
-  build-and-deploy:
-    name: Build, test and deploy to DEV
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Use Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v5
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'npm'
-
-      - name: Install packages
-        uses: nick-fields/retry@v4
-        with:
-          timeout_minutes: 10
-          max_attempts: 3
-          retry_on: error
-          command: npm ci
-
-      - name: Run linter
-        run: npm run lint
-
-      - name: Format check
-        run: npm run format:check
-
-      - name: Build code
-        run: npm run build
-
-      - name: Run tests
-        run: npm run test
-
-      - name: Security audit
-        run: npm audit --audit-level=high
-        continue-on-error: true
-
-      - name: Write version file
-        run: echo "${{ github.sha }}" > dist/version.txt
-
-      - name: Deploy to Azure App Service (DEV)
-        uses: azure/webapps-deploy@v3
-        with:
-          app-name: ${{ env.AZURE_WEBAPP_NAME }}
-          publish-profile: ${{ secrets.DEV_PUBLISH_PROFILE }}
-          package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
-
-      - name: Verify DEV deployment
-        timeout-minutes: 15
-        run: |
-          EXPECTED=${{ github.sha }}
-          echo "Expected commit: $EXPECTED"
-
-          for i in {1..30}; do
-            if RESPONSE=$(curl -sf ${{ env.DEV_API_URL }}/version 2>&1); then
-              ACTUAL=$(echo "$RESPONSE" | jq -r '.commit')
-              echo "Attempt $i: DEV running $ACTUAL"
-
-              if [ "$EXPECTED" == "$ACTUAL" ]; then
-                echo "DEV is running the latest develop commit"
-                exit 0
-              fi
-            else
-              echo "Attempt $i: DEV API not reachable"
-            fi
-
-            sleep 30
-          done
-
-          echo "::error::DEV is not running the latest develop commit after 15 minutes"
-          exit 1

From 4caaf1dde8ff85a256f653fee84b71df4c83d7a6 Mon Sep 17 00:00:00 2001
From: David May <david.leo.may@gmail.com>
Date: Tue, 9 Jun 2026 13:07:45 +0200
Subject: [PATCH 2/2] fix(notification): make security-critical mails
 non-suppressible

ACCOUNT_MERGE_REQUEST, CHANGED_MAIL, ADDED_ADDRESS and ACCOUNT_DEACTIVATION
were mapped to MailContextType.INFO, causing them to be silently dropped for
users whose wallet disables the Info mail type. These are mandatory
account-blocking or security notifications and must always be delivered.

Maps them to null (same as MONITORING/WEBHOOK/SEPA) so isDisabledMailWallet
short-circuits and the mails bypass wallet mailConfig checks entirely.

Closes #3842
---
 src/subdomains/supporting/notification/enums/index.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/subdomains/supporting/notification/enums/index.ts b/src/subdomains/supporting/notification/enums/index.ts
index dc0dfdc499..e5facffbd5 100644
--- a/src/subdomains/supporting/notification/enums/index.ts
+++ b/src/subdomains/supporting/notification/enums/index.ts
@@ -66,7 +66,7 @@ export enum MailContextType {
 }
 
 export const MailContextTypeMapper: {
-  [key in MailContext]: MailContextType;
+  [key in MailContext]: MailContextType | null;
 } = {
   [MailContext.BUY_CRYPTO]: MailContextType.BUY_CRYPTO,
   [MailContext.BUY_CRYPTO_PENDING]: MailContextType.BUY_CRYPTO,
@@ -83,14 +83,14 @@ export const MailContextTypeMapper: {
   [MailContext.BUY_FIAT_RETURN]: MailContextType.BUY_FIAT,
   [MailContext.CRYPTO_INPUT_RETURN]: MailContextType.BUY_FIAT,
   [MailContext.BLACK_SQUAD]: MailContextType.INFO,
-  [MailContext.CHANGED_MAIL]: MailContextType.INFO,
-  [MailContext.ADDED_ADDRESS]: MailContextType.INFO,
-  [MailContext.ACCOUNT_MERGE_REQUEST]: MailContextType.INFO,
+  [MailContext.CHANGED_MAIL]: null,
+  [MailContext.ADDED_ADDRESS]: null,
+  [MailContext.ACCOUNT_MERGE_REQUEST]: null,
   [MailContext.LIMIT_REQUEST]: MailContextType.INFO,
   [MailContext.CUSTOM]: MailContextType.INFO,
   [MailContext.SUPPORT_MESSAGE]: MailContextType.INFO,
   [MailContext.UNASSIGNED_TX]: MailContextType.INFO,
-  [MailContext.ACCOUNT_DEACTIVATION]: MailContextType.INFO,
+  [MailContext.ACCOUNT_DEACTIVATION]: null,
   [MailContext.RECOMMENDATION_CONFIRMATION]: MailContextType.INFO,
   [MailContext.RECOMMENDATION_MAIL]: MailContextType.INFO,
   [MailContext.LOGIN]: MailContextType.AUTH,